Gil Zhang

Practice Areas

GIL ZHANG SPECIALIZES IN PRIVACY AND DATA PROTECTION, CYBER SECURITY, AND REGULATORY COMPLIANCE.

Mr. Zhang practiced in private practice and in-house as senior counsel for many years. He has extensive experience in corporate and compliance work.

Mr. Zhang has advised many clients on global GDPR compliance projects. He has extensive experience in setting up data protection compliance programs in China and localizing GDPR-centric data protection programs and FTC privacy management programs in China. He has also worked on and managed the global Binding Corporate Rules project. He has extensive experience in managing global compliance projects, law enforcement actions, and setting up data protection governance structures as well as various processes to comply with EU GDPR, US laws and personal data protection laws of non-European countries, including China and APAC countries.

Mr. Zhang also advises clients on various law enforcement and contentious matters, such as criminal investigations into alleged infringement of data protection rights, mandatory privacy audits, misappropriation of confidential information by employees, and data breach response and reporting in various jurisdictions. He also advises various clients on data protection issues in relation to emerging technology such as artificial intelligence, internet of things, big data, and driverless cars.

Mr. Zhang has worked on various personal data protection related matters. These matters include conducting due diligence on target company compliance with Chinese data protection laws in M&A and investment transactions, data mapping, designing personal data collection and consent mechanisms, conducting supplier data protection due diligence, advising on cross-border data transfers and security assessments, drafting privacy policies and app user agreements, advising on data protection impact assessments (DPIA), drafting internal employee-facing privacy compliance requirements, handling data subject requests (DSR) and designing automated DSR processes, and reporting data breaches.

Mr. Zhang has represented many multinational companies and Chinese private companies on various general corporate and compliance matters in the healthcare and life sciences industries. He has advised and worked on various matters such as post-merger and post-acquisition integration, feasibility studies on China business models, drug and device promotion, medical device and life science instrument distribution, third-party sales, intermediary screening and management, government tenders, R&D collaboration and sales and marketing collaboration, intellectual property licensing, corporate restructuring and employment.

Mr. Zhang has extensive experience on various compliance matters including anti-bribery compliance, third-party vendor screening and due diligence, export control including embargo and control of dual-use items, and anti-discrimination and anti-harassment. He has also worked on various internal investigations including employee misconduct, fraud, conflict of interest and other violations of company policies and has responded to government investigations in Asia Pacific countries during his time as in-house counsel, such as responding to KCC’s investigation in Korea.

Career

Before joining Fangda in 2018, Mr. Zhang worked in Singapore as the general counsel for a US life science analytical instruments and medical device company in the Asia Pacific. Mr. Zhang also practiced law in two reputable PRC law firms in Shanghai, with primary focus on corporate and compliance as well as venture capital investment.

Professional Memberships

Certified Information Privacy Professional/Europe and Asia (CIPP/E, CIPP/A) of International Association of Privacy Professionals (IAPP)

Certified Information Privacy Manager (CIPM) of IAPP

Fellow of Information Privacy (FIP) of IAPP

Experience

Managed and worked on the global GDPR readiness compliance project and the Binding Corporate Rules project with French CNIL as project lead

Assisted a renowned China internet company in setting up a data protection compliance program to meet the requirements of GDPR and Chinese law

Advised a renowned Chinese internet company on its global data protection compliance strategy, law enforcement response protocols, and data protection framework

Advised a renowned facial recognition technology company on data protection and compliance matters

Assisted a multinational driverless car manufacturer in conducting data mapping and assessment on its compliance with the China Cyber Security Law and other regulations and national standards

Advised various OEM and parts suppliers on issues related to data surveying and mapping and to open road tests in China and assisted clients in setting up data acquisition protocols

Assisted a China-listed company in responding to a local police cybersecurity inspection

Advised various international banks on information system outsourcing, setting up CRM systems and pool of data, employee surveillance, outsourcing of KYC processes and systems, personal data protection and important data protection

Advised a foreign clearing house on Chinese national security review, important data protection and state secrets protection

Assisted a multinational company in responding to data protection infringement allegations and in setting up a data protection compliance program

Assisted a multinational heavy machinery manufacturer in categorizing important data

Assisted various multinational retailing companies in setting up data protection compliance programs in China and advised them on computerized advertisements

Assisted various multinational medical device companies in conducting data mapping and assessments on their compliance with the China Cyber Security Law and other regulations and national standards

Assisted a China-listed company in evaluating its business partner’s compliance efforts for the purpose of a global collaboration and assisted in setting up a data protection vendor due diligence process involving compliance with data protection laws of China, US, EU and South American countries

Assisted a renowned Chinese TMT company in conducting data protection compliance due diligence on the target companies in its various investments and transactions

Assisted various multinational chemical companies in conducting assessments on cross-border data transfers and preparing cross-border data transfer protocols

Advised a multinational company on the permissible extent of employee surveillance under Chinese laws

Advised a multinational company on the legitimacy of using GPS to track employees’ location data under Chinese laws

Assisted a multinational retail company in conducting data mapping and assessment on its compliance with the China Cyber Security Law and other regulations and national standards

Advised a Chinese online healthcare company on data mapping, personal data collection on its online platform, and other aspects of its personal data protection compliance

Assisted a multinational pharmaceutical company in conducting annual risk assessments in relation to personal data protection and cyber security

Assisted a Chinese pharmaceutical company in preparing a privacy policy and user agreement for its app on AppStore

Advised a Chinese medical institution on its hospital information system (HIS) and cyber security issues related to its proposed use of cloud services

Advised and assisted a wine company in localizing its GDPR-centric privacy policy

Assisted a biopharma company in preparing website terms of use and a global privacy policy for its operation in China, the US and Europe

Assisted an international certification company in localizing its GDPR-centric privacy policy for its business in China

Assisted a multinational pharmaceutical company in preparing a privacy notice to its employees in China and in revising its employee handbook in relation to personal data protection

Assisted a biopharma company in a preparing a privacy notice for its social media platforms such as WeChat

Advised a multinational pharmaceutical company on the legitimacy of sharing and processing patient health data

Advised and assisted a multinational company in personal data breach reporting to the Chinese authorities as a result of a security breach in its supplier’s system

Assisted a multinational pharmaceutical company in managing data breach notification and criminal reporting and advised on mitigation measures

Advised and assisted a multinational pharmaceutical company in conducting a privacy impact assessment for use of facial recognition technology

Advised a multinational pharmaceutical company on setting up a guest-WIFI gateway in China

Advised a multinational pharmaceutical company on personal data protection issues during regulatory registration of its medical device for drug metabolism rate tracking

Advised a multinational pharmaceutical company on its proposed deployment of digital signature technology

Researched and prepared a research paper comparing artificial intelligence laws in China and other countries

Education

Languages Spoken

-English

-Chinese