New China Data Center Helps Gigya’s Clients Manage Compliance with New Chinese Cybersecurity Law. As businesses expand into new markets to grow their customer bases through digital initiatives, compliance with widely variable data protection and privacy regulations is now one of the key competitive differentiators between industry leaders and losers.

1. DATA SHEET
As businesses expand into new markets to
grow their customer bases through digital
initiatives, compliance with widely variable
data protection and privacy regulations
is now one of the key competitive
differentiators between industry leaders
and losers.
Nowhere is this more relevant than when collecting,
managing and driving revenue with customers’ personal
information. Gigya, as the leader in customer identity
management, is committed to helping our global clients achieve and maintain data privacy
compliance as privacy regulations continue to evolve and change around the globe.
Serving The World’s Largest Retail Market
By 2021, it has been forecasted that 80% of enterprises worldwide will sell their products and
services in China via digital channels. Responding to this trend, The China National People’s
Congress in November 2016 published a revision of its existing Cybersecurity Law, with a tight
enforcement deadline of June 2017.
The law applies to any organizations defined as having “critical information infrastructure” (CII)
that collect personal data from Chinese citizens. It stipulates that these organizations securely
store and manage these customers’ data within the borders of mainland China, as long as they
are current residents. The law does make exceptions for companies that can prove the necessity
to transfer customer data overseas, but they must seek government approval prior to doing so.
The new Chinese law impacts any businesses wanting to grow their customer base through
the collection and processing of Chinese citizens’ personal data. Why? For one, many large
enterprises need to re-architect entire applications to meet compliance, with a deadline only
seven months out from the law’s enactment. Then, there are the penalties for non-compliance,
which range from financial fines to operational suspension and even criminal liability. This is why
Gigya is offering our clients access to a new primary data center in Shanghai, China.
New Data Center Helps Gigya’s
Clients Manage Compliance with
New Chinese Cybersecurity Law

2. © 2017 Gigya, Inc. | 2513 Charleston Road #200, Mountain View, CA 94043 | T : (650) 353.7230 | www.gigya.com
Gigya, the Gigya logo, and Customer Identity Management Platform are either registered trademarks or trademarks of Gigya Incorporated in the United States and/or other countries. All other
trademarks are the property of their respective owners. Gigya does not own any end user data or maintain any other rights to this data, other than utilizing it to make Gigya’s services available
to our clients and their end users. Gigya acts as an agent or back-end vendor of its client’s website or mobile application, to which the end user of our client granted permissions (if applicable).
Gigya facilitates the collection, transfer and storage of end user data solely on behalf of its clients and at its clients’ direction. For more information, please see Gigya’s Privacy Policy, available at
http://www.gigya.com/privacy-policy/.
Gigya_DS_New Data Center Helps Gigya’s Clients Manage Compliance with New Chinese Cybersecurity Law_201705
About Our New Data Center
Gigya’s China data center marks the fifth regional
data center in our arsenal, which also includes
sites in the U.S., Western Europe, Russia and
Australia. Clients using this new, cloud-based data
center can specify that Chinese customers’ data will
be stored only in our mainland China-based repository
and that all offline backups also physically remain
within the country. Since this new data center is primary,
not secondary, Chinese customer information will remain
discrete from data stored in our other data centers.
Gigya offers full redundancy as customer data is replicated in real-time between two separate data centers
located in Shanghai, and every server role operates in a cluster so there is never a single point of failure.
Gigya’s China data center complies with high-level international certifications to guarantee data security,
including ISO 27001, ISO 27018, SOC1 and SOC2. The requirements for these certifications are consistently
met by Gigya to ensure that the regulatory requirements imposed by China are met and that the data of
both Chinese and international customer bases for all of our global clients remain secure.
How Does Your Business Benefit?
The challenge global enterprises face in China is to find ways to minimize the impact this new law has
on their business, which itself is only one of many new regulatory changes around the world intended to
shore up security and improve privacy for customers’ private data.
Gigya built our Customer Identity Management platform to enable our clients to collect, manage and
secure customer identities at massive scale, while also helping companies comply with these types
of local and regional data laws and regulations. The following three components of Gigya’s Customer
Identity Management platform specifically help mitigate risks associated with the new Chinese
privacy requirements.
1. Security practice – Gigya protects all sensitive information such as personally identifiable
information (PII) with industry-standard encryption before it is stored.
2. Architecture of key systems supporting our clients’ digital applications – Gigya supports full data
backup and retention for PII and other sensitive captured data.
3. Secure cloud-based data centers in China – Gigya manages discrete local data centers in China to
support the legal collection of PII for secure customer interactions.
In addition, Gigya keeps pace with the privacy policies of more than 25 social networks and other
third-party identity providers including the Chinese networks WeChat, RenRen and Sina Weibo. This
enables Gigya’s 700+ global clients to drive new business value in international markets with minimal
risk, while building trust with their customers.
North
America
Europe Russia
Australia
China