With the successive promulgation of the Cybersecurity Law, Data Security Law, Personal Information Protection Law, and their supporting regulations, compliance requirements for cross-border data transmission have become a task that Chinese enterprises must take seriously. Specifically, enterprises with a need for Cross-Border Data Transmission (for example, overseas companies investing in and establishing production or trade enterprises in China, cross-border e-commerce stores, etc.) should establish their own cross-border data export compliance system in accordance with these legal requirements. However, the issue here is, how can companies with relatively small data outbound volumes, especially for these small and medium-sized enterprises (SMEs), act according to their needs and strive to set up a data outbound compliance system that meets the requirements of regulators at the lowest possible cost?

In practice, numerous foreign companies have accumulated good reputation and brand value in China through long-term and extensive use of their business names (abbreviations, trade names). However, due to various reasons, the business names of these foreign companies, or other names highly similar to their business names, might have already been directly registered in China as trade names by infringers, and used in the same business field. On one hand, this rush registration might lead to confusion among the public, and preempt the business opportunities of the original owners of the business names. On the other hand, if these foreign companies, as the original owners of the business names, intend to enter the Chinese market and establish entities on their own one day, failure to register their own business name might also be an obstacle to their business development.

Suppose a German company A, with affiliate entity in China a. For the consideration of unified company management and marketing, employees of all affiliated entities of company A use a unified mailbox service system, for example: user@A.com . In addition, the mailbox server of company A is built in Germany. When the employees in a use the mailbox service whose server is set up in Germany, will it cause the domestic party exporting personal data?