Rules Navigator

Register

Dior’s Shanghai branch penalized for non-compliant cross-border data transfer

Pedestrians walks past a huge Christian Dior installation at a shopping mall on December 14, 2022 in Shanghai, China.
Dior installation at a Shanghai mall. Photo: Yifan Ding/Getty Images

Panpan Tang | CMS

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

Investigation into Dior’s global data breach uncovered compliance shortcomings in cross-border data transfer, user consent, and data security.

In May of this year, multinational corporation (MNC) Dior experienced a global customer data breach. On May 12, 2025, consumers worldwide, including those in China, received a text message from Dior informing them that on May 7, 2025, it was discovered that some consumer information had been accessed by unauthorized

China’s Cybersecurity Department, part

Free Trial

Register for free to keep reading.

To continue reading this article and unlock full access to GRIP, register now. You’ll enjoy free access to all content until our subscription service launches in early 2026.

  • Unlimited access to industry insights
  • Stay on top of key rules and regulatory changes with our Rules Navigator
  • Ad-free experience with no distractions
  • Regular podcasts from trusted external experts
  • Fresh compliance and regulatory content every day
Register for free Already a member? Sign in
, , ,
You may also like