Gil Zhang
Greater China Region Guide 2024
Band 2 : TMT: Data Protection & Privacy (PRC Firms)
Email address
[email protected]Contact number
+862162635922Share profile
Band 2
About
Provided by Gil Zhang
Practice Areas
GIL ZHANG SPECIALIZES IN PRIVACY AND DATA PROTECTION, CYBER SECURITY, AND REGULATORY COMPLIANCE.
Mr. Zhang practiced in private practice and in-house as senior counsel for many years. He has extensive experience in corporate and compliance work.
Mr. Zhang has advised many clients on global GDPR compliance projects. He has extensive experience in setting up data protection compliance programs in China and localizing GDPR-centric data protection programs and FTC privacy management programs in China. He has also worked on and managed the global Binding Corporate Rules project. He has extensive experience in managing global compliance projects, law enforcement actions, and setting up data protection governance structures as well as various processes to comply with EU GDPR, US laws and personal data protection laws of non-European countries, including China and APAC countries.
Mr. Zhang also advises clients on various law enforcement and contentious matters, such as criminal investigations into alleged infringement of data protection rights, mandatory privacy audits, misappropriation of confidential information by employees, and data breach response and reporting in various jurisdictions. He also advises various clients on data protection issues in relation to emerging technology such as artificial intelligence, internet of things, big data, and driverless cars.
Mr. Zhang has worked on various personal data protection related matters. These matters include conducting due diligence on target company compliance with Chinese data protection laws in M&A and investment transactions, data mapping, designing personal data collection and consent mechanisms, conducting supplier data protection due diligence, advising on cross-border data transfers and security assessments, drafting privacy policies and app user agreements, advising on data protection impact assessments (DPIA), drafting internal employee-facing privacy compliance requirements, handling data subject requests (DSR) and designing automated DSR processes, and reporting data breaches.
Mr. Zhang has represented many multinational companies and Chinese private companies on various general corporate and compliance matters in the healthcare and life sciences industries. He has advised and worked on various matters such as post-merger and post-acquisition integration, feasibility studies on China business models, drug and device promotion, medical device and life science instrument distribution, third-party sales, intermediary screening and management, government tenders, R&D collaboration and sales and marketing collaboration, intellectual property licensing, corporate restructuring and employment.
Mr. Zhang has extensive experience on various compliance matters including anti-bribery compliance, third-party vendor screening and due diligence, export control including embargo and control of dual-use items, and anti-discrimination and anti-harassment. He has also worked on various internal investigations including employee misconduct, fraud, conflict of interest and other violations of company policies and has responded to government investigations in Asia Pacific countries during his time as in-house counsel, such as responding to KCC’s investigation in Korea.
Career
Before joining Fangda in 2018, Mr. Zhang worked in Singapore as the general counsel for a US life science analytical instruments and medical device company in the Asia Pacific. Mr. Zhang also practiced law in two reputable PRC law firms in Shanghai, with primary focus on corporate and compliance as well as venture capital investment.
Professional Memberships
Certified Information Privacy Professional/Europe and Asia (CIPP/E, CIPP/A) of International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) of IAPP
Fellow of Information Privacy (FIP) of IAPP
Experience
Managed and worked on the global GDPR readiness compliance project and the Binding Corporate Rules project with French CNIL as project lead
Assisted a renowned China internet company in setting up a data protection compliance program to meet the requirements of GDPR and Chinese law
Advised a renowned Chinese internet company on its global data protection compliance strategy, law enforcement response protocols, and data protection framework
Advised a renowned facial recognition technology company on data protection and compliance matters
Assisted a multinational driverless car manufacturer in conducting data mapping and assessment on its compliance with the China Cyber Security Law and other regulations and national standards
Advised various OEM and parts suppliers on issues related to data surveying and mapping and to open road tests in China and assisted clients in setting up data acquisition protocols
Assisted a China-listed company in responding to a local police cybersecurity inspection
Advised various international banks on information system outsourcing, setting up CRM systems and pool of data, employee surveillance, outsourcing of KYC processes and systems, personal data protection and important data protection
Advised a foreign clearing house on Chinese national security review, important data protection and state secrets protection
Assisted a multinational company in responding to data protection infringement allegations and in setting up a data protection compliance program
Assisted a multinational heavy machinery manufacturer in categorizing important data
Assisted various multinational retailing companies in setting up data protection compliance programs in China and advised them on computerized advertisements
Assisted various multinational medical device companies in conducting data mapping and assessments on their compliance with the China Cyber Security Law and other regulations and national standards
Assisted a China-listed company in evaluating its business partner’s compliance efforts for the purpose of a global collaboration and assisted in setting up a data protection vendor due diligence process involving compliance with data protection laws of China, US, EU and South American countries
Assisted a renowned Chinese TMT company in conducting data protection compliance due diligence on the target companies in its various investments and transactions
Assisted various multinational chemical companies in conducting assessments on cross-border data transfers and preparing cross-border data transfer protocols
Advised a multinational company on the permissible extent of employee surveillance under Chinese laws
Advised a multinational company on the legitimacy of using GPS to track employees’ location data under Chinese laws
Assisted a multinational retail company in conducting data mapping and assessment on its compliance with the China Cyber Security Law and other regulations and national standards
Advised a Chinese online healthcare company on data mapping, personal data collection on its online platform, and other aspects of its personal data protection compliance
Assisted a multinational pharmaceutical company in conducting annual risk assessments in relation to personal data protection and cyber security
Assisted a Chinese pharmaceutical company in preparing a privacy policy and user agreement for its app on AppStore
Advised a Chinese medical institution on its hospital information system (HIS) and cyber security issues related to its proposed use of cloud services
Advised and assisted a wine company in localizing its GDPR-centric privacy policy
Assisted a biopharma company in preparing website terms of use and a global privacy policy for its operation in China, the US and Europe
Assisted an international certification company in localizing its GDPR-centric privacy policy for its business in China
Assisted a multinational pharmaceutical company in preparing a privacy notice to its employees in China and in revising its employee handbook in relation to personal data protection
Assisted a biopharma company in a preparing a privacy notice for its social media platforms such as WeChat
Advised a multinational pharmaceutical company on the legitimacy of sharing and processing patient health data
Advised and assisted a multinational company in personal data breach reporting to the Chinese authorities as a result of a security breach in its supplier’s system
Assisted a multinational pharmaceutical company in managing data breach notification and criminal reporting and advised on mitigation measures
Advised and assisted a multinational pharmaceutical company in conducting a privacy impact assessment for use of facial recognition technology
Advised a multinational pharmaceutical company on setting up a guest-WIFI gateway in China
Advised a multinational pharmaceutical company on personal data protection issues during regulatory registration of its medical device for drug metabolism rate tracking
Advised a multinational pharmaceutical company on its proposed deployment of digital signature technology
Researched and prepared a research paper comparing artificial intelligence laws in China and other countries
Education
National University of Singapore
LL.M
East China University of Political Science and Law
LL.B.
Languages Spoken
-English
-Chinese