LCOUNCIL法总专访 | 凯士比泵黄早早：数据合规治理与企业数字化转型的 协同发展

本期嘉宾

   Guest

法总专访

   Exclusive Interview

KSB Shanghai Pumps has made great achievements in digital transformation. Could you please introduce the legal compliance team structure of KSB Group? What role does the team play in the digital transformation of the enterprise?

Looking at the Legal Compliance team structure across the group, first of all we have a large team that covers the traditional legal and compliance functions, which is our Legal & Compliance department. In addition, we have a dedicated export control team, trademark and patent team, and a full-time data protection officer at headquarters responsible for data security. Together, these functions form the overall structure of the legal compliance team at Group level. In each region, we will deploy 3 to 4 regional legal personnel, and the local level may depend on the actual needs of each company, for example, in the larger business volume of local companies, such as India and France, will also set up full-time specialized legal personnel.

In terms of digital transformation, in fact, the entire Group has an overall digital transformation target up to 2030. In the North Asia region, in order to better drive and support the digital transformation of enterprises, separate from the conventional traditional functions, we have set up a digital committee. In this committee, I also assumed the role of Data Protection Officer in order to communicate directly with the data Protection Officer at the headquarters in Germany, so as to open up the channels of data sharing and cross-border data flow, and effectively promote the digital transformation process centered in North Asia.

How does a legal adviser in a multinational organization perform routine functions in a constantly changing environment?

There are two possible backgrounds to this issue. First, I cover 10 companies in China, Japan and Korea, with 1,500 full-time employees. In addition to communicating with the companies in these coverage areas, I also need to maintain close contact with the functional departments in the German headquarters. My work spans traditional legal affairs, compliance work, import and export controls, intellectual property management, data security and general governance of local companies. This requires me not only to act as a sole legal counsel, but also to play the role of a generalist. In handling these tasks, I have always adopted a positive attitude of embracing different cultures, and tried to understand and respect the cultural backgrounds and language habits of different countries and regions. When communicating with colleagues in the German group and affiliated companies, I will first understand the cultural habits of the other side, play the role of listener, and then export my own ideas and ideas to achieve better communication results.

Secondly, I am always curious and enthusiastic. Curiosity drives me not only to focus on knowledge and skills in the field of law and compliance, but also to learn and understand the fields of the company's business and different functional departments. Passion is the driving force that drives me to continuously improve myself and contribute to the output of the position. I believe that those who can make progress, whether they are legal professionals or later embark on the road of legal workers, can actually see that their enthusiasm is a self-driven power, not some external recognition. Unlike some lessons learned, these self-requirements are also important.

What are the key concerns of legal in enterprise digital transformation and data security? For example, the new ecology of the Internet of Things digital economy brings more practical considerations, the centralized embodiment of the key data security and compliance requirements of the sales contract terms, or the establishment of a perfect compliance management system by the digital Management Committee.

With regard to this issue, thank you very much for the three aspects and examples you mentioned. Before discussing these specific work contents, I would like to explain the work thinking of our legal department. Enterprise digital transformation is needed to drive each function to provide support. In the process of transformation, legal services need to actively adapt and integrate into this change. Our work ideas are mainly reflected in two aspects: First, from the back end to the front end, in-depth understanding of the transformation strategy, business areas and product development. While legal professionals cannot be as professional as technical and business professionals, having this background information is essential to solving practical problems. Secondly, legal personnel should try to change from the role of simple legal affairs to the role of general affairs, broaden their technical, business and even financial perspective, especially tax perspective and the sense of smell in the industry, to understand the industry dynamics, in order to adhere to the premise of legal principles, to provide more comprehensive support. By following this line of work, we can better focus on key issues in digital transformation and data security.

To go back to some practical work on the three aspects mentioned in your previous question, first of all, a big background of the digital transformation of our traditional production hardware is the Internet of Things. In the wave of digital economy, from a strategic point of view, we need to be brave to try new approaches. In this context, in the new ecology of the Internet of Things and the digital economy, legal appears more as a business partner to provide support from a business perspective. In addition to understanding the state of the business, legal professionals also need to follow legislative developments to provide legal advice and solutions for the business. This is the main responsibility of legal affairs in the field of iot.

For the gist of the terms of the sales contract, I would like to share the following experience. Our company was originally mainly engaged in the hardware manufacturing of pump and valve spare parts, which belongs to the traditional manufacturing industry. We encountered some challenges when researching the terms of the sales contract. To develop a set of terms that would apply to software sales, we started almost from scratch. Unlike hardware sales, software sales involve specific issues such as data security, classification and grading of industrial data, collection, processing, storage, sharing and retention period of data, all of which need to be clearly defined in the contract. At the same time, we also consider aspects such as the protection of personal information. By 2023, we have successfully achieved a sales model that combines hardware and software. The sales team can choose the applicable hardware or software terms, or both, according to the actual needs, thus realizing the packaging of traditional hardware and software. We have developed a very complete set of contract models to meet both hardware and software sales needs. However, from a legal point of view, our work is not over. We need to update and adjust this set of sales contract terms according to legislative dynamics and business development to adapt to changes in the law and the market. This is what I want to share about the terms of the sales contract.

The third point is about the establishment of our unique digital management committee in North Asia. Within the commission, I have the role of Data Protection Officer, which is a completely separate function. In addition to data protection, I am also responsible for all intellectual property layout work related to digitalization, including trademark registration, maintenance of Copyrights for patented software, etc. I report directly to the Director of the Digital Management Committee, who is headed by my immediate superior, the President of North Asia. The Digital Management Committee has been established specifically for digital transformation across the Group and regions to bring together the best resources within the existing structure to advance digital transformation efforts. I accepted the challenge and was certified by the China Network Security Certification Center (CCRC). For companies in the same manufacturing sector or facing diversified digital transformation, if legal support and data security work is more centralized, it is recommended to consider building a similar virtual organization to carry out digital-related work more effectively.

Can you share how the legal team worked closely with other departments to ensure data security and compliance during the digital transformation process of KSB Shanghai Pumps?

About this issue, it is mainly divided into three levels, in fact, it is directly matched with the area I cover and the reporting line. The first is the local company level, which is the actual work level, including technical staff, sales teams, finance and product management functions, who are responsible for the concrete implementation of the digital transformation work, such as design quotation, product development and other time and money investment. The second is the regional management level. As my level, it is more of a strategic level, responsible for formulating the strategic development direction and business layout, guiding the future expansion direction and major investment. After determining the strategic direction, the implementation of specific initiatives will be carried out at the local company level. Finally, at the headquarters level, I define it as the reporting level, because the headquarters is in Germany, and the communication is mainly a regular or irregular display of results, while taking into account the data security requirements of the German headquarters. Reporting to the headquarters is mainly to open up data exchange and cross-border data flow with Europe, while complying with Chinese and EU laws and regulations. At present, I will directly receive these three levels and provide corresponding support according to the positioning of different levels. Ideally, there should be dedicated legal staff at the local level to provide day-to-day support, while there should be a higher level of coordination at the regional and headquarters level to maximize digital transformation efforts across China while meeting headquarters' expectations.

In the context of digital transformation, how do you see the development of data protection law and the impact of its legal work?

Regarding this issue, I think we can look at it from two aspects. First of all, for us legal workers themselves, in the context of digital transformation, we need to keep an open attitude, constantly learn new legislative dynamics, and accept and change our working thinking. This is both a challenge and an opportunity. If we can seize the opportunities and meet the challenges, we have the potential to stand out in the context of digital transformation and become more aligned with the business and strategy of the legal talent.

On the other hand, in the overall context, digital transformation is not just about products and research and development. While the digital transformation of traditional manufacturing may not be as direct or rapid as that of Internet companies or AI companies, we can still sense the profound impact of digital transformation on the business environment at the world level. As legal practitioners, we should be aware that many legislative and judicial practices may lag behind changes in the business environment. Therefore, in the wave of digital transformation, we need to maintain a keen sense of smell, not only to learn new legislation, but also to judge which legislation and changes are likely to be only transitional and which legislation is likely to be amended in the future by way of other interpretations or regulations to better guide practice. Such an environment is also conducive to enhancing the legal thinking and legal sense of our legal professionals in their daily work.

As technology continues to evolve, what new challenges do you see for data security and legal work in the future?

In the context of digital transformation and changes in the business environment, legal professionals are facing new career choices and development paths. On the one hand, we can choose to continue our traditional legal practice, focusing on areas such as contracts, litigation and compliance. On the other hand, we can also consider incorporating data security and data protection into our work scope to become a more comprehensive legal talent. This option could lead to new job opportunities, especially in foreign-owned enterprises and public companies where the role of data security and data protection officers will become increasingly important. However, this transition comes with some challenges, as different companies consider whether to train existing personnel to take on this additional branch of work based on their own cost and structure. As legal professionals, we should carefully consider this opportunity for career transformation, and if the company and industry we work in does have such a transformation plan, then we can consider accepting this challenge to make our career development more comprehensive. This can not only enhance our professional quality, but also make a greater contribution to the development of the company and the industry.