As the May 2018 General Data Protection Regulation implementation date looms closer, global companies’ legal leaders have data privacy rights in Europe on the brain. But those familiar with China’s ever-evolving data rules and standards say it’s important global companies focus on more than just Europe.

Though China’s Cybersecurity Law, which controls how data in the country can be collected and shared, has been around in some form since 2016, it’s been updated and clarified on an ongoing basis. On Jan. 25, the Standardization Administration of China published the full text of the Information Security Technology—Personal Information Security Specification, a set of best practices to ensure CSL compliance.