Richard Ma

    [email protected]
     DaHui Lawyers


  • Automotive Privacy
  • Banking Privacy
  • Blockchain Cryptocurrency Privacy
  • Capital Markets Privacy
  • Children’s Online Privacy
  • Consumers Privacy
  • Corporate Privacy
  • E-Commerce Privacy
  • Education Privacy
  • Energy Privacy
  • Financial Privacy
  • Food Privacy
  • Health Privacy
  • Immigration Privacy
  • Insurance Privacy
  • Intellectual Property Privacy
  • Labour and Employment Privacy
  • M&A Privacy
  • Media & Entertainment Privacy
  • Online Privacy
  • Pharmaceuticals, Biotechnology & Medical Privacy
  • Public Institutions Privacy
  • Real Estate Privacy
  • Retail Privacy
  • Social Media Privacy
  • Taxation Privacy
  • Telecommunications Privacy
  • Tourism Privacy
  • Transportation Privacy


As one of the country’s few law firms with a foundational focus on tech, DaHui routinely assists both domestic and international clients with all their privacy, data, and cybersecurity matters related to China. We often help MNCs structure and implement dependable data practices, satisfy requirements for cross-border data transfers, perform data due diligence in M&A and investments, carry out data audits, and we assist with a wide range of related compliance matters faced by all types of companies doing business in China.

DaHui aims to provide clear, sound, and pragmatic advice on privacy, data, and cybersecurity matters. In serving as a legal vanguard on such matters, we leverage our firm’s extensive experience with China’s entire regulatory apparatus, focusing not only on written or officially announced laws and regulations, but also on the (usually more important) real-world practices and interpretive frameworks of relevant government actors. In fact, our robust expertise in this space informs practically all matters we handle, enabling us to identify and pre-empt data, privacy, and cybersecurity risks throughout our clients’ activities. As a result, our clients can operate confidently, without falling victim to the paralysis of uncertainty or becoming mired in reactive, “damage control” compliance measures, but rather empowered to focus on growing their business and transforming their commercial goals into reality.

Our services in this area include:

  • Advice on PRC legal implications and compliance in various data collection, processing, and sharing activities, including cross-border data transfers
  • Assistance in building up data compliance and privacy protection systems, policies, and security measures
  • Advice on cross-border data transfers, including assistance in carrying out data self-assessments, personal information protection impact assessments (PIPIAs), and personal information protection certification, drafting standard contracts (SCs), and carrying out and interfacing with government officials on security assessments and SC filings
  • Advice on and assistance with cybersecurity reviews
  • Conducting personal information protection compliance audits for internal or external purposes, and data protection due diligence on targets of M&A or investments, and advice on possible risk mitigation measures
  • Advice on compliance with the “Multi-Level Protection Scheme” (MLPS)
  • Advice on measures in response to data breaches and other cybersecurity incidents
  • Assistance with user and regulator inquiries or complaints, internal and government investigations, and designing and implementing rectification measures
  • Formulation of user-facing and internal data/privacy policies and practice