The Chinese National People’s Congress is currently considering a new law on cybersecurity that could have a far-reaching impact on data management in China. While the legislation is not yet in effect, it highlights the need for companies to familiarize themselves with China’s varied data privacy and cybersecurity laws as they currently are, and how they may be in the near future. This, the first part of a two-part series, provides insight from practitioners in China explaining the various sources of law governing data management in China and what types of information are covered by the law. In the second part, we will explore practical implications of these laws with regard to employee relations, particularly during internal investigations and due diligence. See our two-part series on China’s State Secrets Law: “A Primer for Anti-Corruption Practitioners (Part One)” (Jun. 29, 2016); and “Six Things to Consider When Engaging in Internal Investigations in China (Part Two)” (Jul. 13, 2016).