The Critical Global Expansion Checklist - Part 2

We continue our Critical Global Expansion Checklist with a discussion on preparing for commercial compliance – including IP protection and trademarking, data privacy, and information law to help you do business securely and compliantly from country to country.


Our guest expert is once again Linda Lim. She is Director of Client Services at Global Upside and manages all aspects of international expansion and has over 20 years’ experience in international finance and operations. She has worked in finance management roles in China, Hong Kong, UK, and the USA.

Topics discussed include:

Preparing for Commercial Compliance
  • IP Protection of your product, services, brand
  • What type of training should the new employees undergo in the new entities/ countries on your policies regarding security, trade secrets, compliance, trademarking, etc.?
  • Start the trademark protection process years in advance of going into foreign markets
  • What are the local anti-bribery rules?
  • How should the company ensure compliance with the U.S. FCPA and any such local rules?
Data Privacy and Information Law

Things that are important to prepare for include:

  • Are there any data privacy registration requirements?
  • Will the data flow trigger any data transfer obligations?
  • Are there any customer/employee notification requirements?
  • Are there any requirements regarding contracting with third-party service providers?
  • Are there any requirements due to any monitoring (CCTV, computer, etc.)?
  • Is there any privacy policy (internal/ external) requirements?
  • Are there any requirements due to payment obligations?



Welcome to the Globig podcast where we talk to international expansion experts from around the world to make it faster and easier for you to take your business global.

Hi everyone. I am Anke Corbin, your host today on this Globig podcast. So, today our hot international expansion topic is – The critical global expansion checklist. Now, this is part 2. Today we are gonna talk about commercial compliance preparation, things such as data privacy and information law, IP protection, things like that.

To listen to part 1 which was focused on corporate set up, governance and taxes, you can link to the podcast from this blog article that you will find the podcast on. Our guest today is Linda Lim, the Director of Client Services at Global Upside. She manages all aspects of international expansion and has over 20 years’ experience in international finance and operations. And she started her career with KPMG Singapore and then subsequently in senior financial management roles in China, Hong Kong, UK, and the US.

So, Linda welcome back to part 2 of this podcast series.


It’s good to be back.

Preparing for Commercial Compliance


So, today we are gonna talk about commercial compliance and how to really think about what really all those pieces, but I think for the most part that definitely will include IP protection, trademarking, data privacy, and information law.

So, the first one I want to touch on is really IP protection and I imagine this is a really complicated topic, it’s a complicated topic in a sense that it is broad about trade wars and all sorts of things that we see in the news pretty much every day, certainly in the business news and that and especially when you are thinking about certain countries where the IP is really considered different and the way we consider it. So, give us a little sense of what we are talking about here with IP protection and how, why people approach this and how do you approach it with your clients?


Sure. So, in today’s global regulatory environment, I think it is possibly pretty challenging for many companies to effectively manage what we generally call the corporate compliance efforts and of course that includes the intellectual property which is generally referred to as IP and usually a robust and balanced compliance programs for many important purposes to meet these challenges when in the event when such programs are well-constructed and properly implemented. For example, they tend to help prevent some corporate directors, officers, or even employees for engaging in any illegal activities or even competitors or your customers.

And in terms of intellectual property protection, typically it encompasses three different areas, the three main types that we usually encourage our clients to review and take a look before they even start or launch a new product or service line. These three main types are a trademark, copyright and the last one is patent.

So, trademarks I believe most of you know is basically like protecting names, slogans, symbols or even company logos that usually identify a business or brand. Copyrights are usually something that you protect original work. Most likely it is in terms of an area of writing something. The last one, patent, is really just to protect the original advantage of functional characteristics of either a product, mostly product lines that they will try to enforce legally to protect something that they created firsthand. And of course, in order to protect this worldwide, typically, many companies do not know that in each country there might already exist a trademark or copyright or patent right already in place especially if you start from the US and try to branch out outside the United States.

A lot of times the requirement can vary, and for new businesses especially, going to a new market it is actually important that our clients will actually take a look at all these three different property protection in order for them to actually go into the market at the right place at the right time.

First of all, usually we will encourage our clients to actually do research. That can be usually done through either professional or from even any other. There is also some IPs protection firms that really focus on doing that. They would too make sure that they conduct research whereby they will see if they have any existent ownership of around having some trademark or copyright or patent rights owners already exist today.

Many times, it is pretty common that especially for trademark for companies name for the corporate ones use the name a specific way it might not be used or ever be used in a certain country because somebody already own that legal name or trademark and of course there are ways to obtain that by usually it comes as a high price especially if its owners actually know the market price linked to it.

So, usually I encourage them to first make sure that no one already owns that right in that country and then once they know that that is clear, then they would actually go through all the legal means to make sure that all the IP rights are being applied at the right timing before they actually even launch a product.


You know what are the things, I do a lot of work with accelerators and one of the things that we try to make founders aware of is they because they have quite a bit of, they have a high profile when they come through some of these programs that it’s not uncommon for someone in another country where say, register you know first register trademark registration process to have their names and their logos even trademarked before they even go into those countries and so if at all possible and if we know that they are going to be expanding into certain markets very quickly we try to get them to consider the trademark process fairly early in their journey vs waiting till it’s too late, since it sometimes can take years to actually have that trademark to run into that as well just knowing that a lot of, I mean you had mentioned that number of times that trademarks are already taken.

So, then what do companies usually choose to do after that?


Well, this is, always boils down to ‘Do they really want their trademark or not?’ So, if you know a corporate parent company insists, they want it throughout worldwide as a commentary mark. Many times, you can actually negotiate for to take over the ownership in that country if someone already owned it and if they are willing to release their ownership and do the transfer, it is possible that usually, you can get it with proper documents. And actually, there are many cases that people want to do that because they want to protect the trademark names that they have had over the years especially it’s a local name that a lot of customers know worldwide. Though it is pretty common that a lot of corporate companies that actually go-ahead to actually own it by taking over ownership.


Ok. So really you should know that if you don’t register fast you most likely will need to acquire or rename or do something little bit different but most companies don’t really like having to start with a new brand in a new country. Right?


All right. Because starting a new brand, a new I mean it takes a lot of marketing efforts to actually build a brand and it takes time and resources. It is not like it happens instantly so that’s also involved. A lot of costs, a lot of time planning, a lot of resources to actually build out a brand where it is going to be known in the market, but let’s say in the US, that the parent company or whichever parent company actually really own a brand or name that they already have established over the years and just wanted to bring that brand to a new market and yet it is not available and that’s why one of our biggest challenge there, some of these known household brands or you know consumer brands that you know people go into that they know and many time it could take even a long period of time even just to acquire depending on how soon the owner is willing to release that.


Right, makes sense. You had mentioned trademark and patents and things like that but we see an, let me know, if you guys see this as well, while companies try to protect softer IP such as maybe customer lists or a formulation of how they do something that they did not get any sort of patent around or but it’s still considered intellectual property so it makes it really a little tougher but then they do try to protect it through contractual means and things like that. Is that something that you are seeing as well? I just know that there are other softer things that are just so much tougher to protect.


It is indeed that as the business expands a lot of this information, especially pertaining to clients, is critical for a business to run. In the long run many companies today actually help secure their data in terms of non-disclosure agreements, confidentiality agreements, or non-compete clauses. These agreements are actually enforced even prior to going to a contractual agreement with especially a major client. Many times, I think a non-compete agreement is pretty common, especially for making sure that you don’t disclose any information, or you don’t go into a similar market or become competitors for business reasons.

But in today’s world, anything is possible and especially for social media, the technology is very easy to reach out to somebody. I mean we used to always say that you can always agreement but typically a lot of times you know it’s no longer possible in a certain country. You will see like in Brazil, right now the government is imposing a lot on that system just to impose some laws to ensure there is enforcement against the corruption.

Many of the companies find it hard today to actually do business in Brazil because of that reason. For a new company wants to go and create a new brand in Brazil it is not easy because just setting up a company there it takes time. It’s even worse if you want to set up a bank account and all this is actually making it harder to actually do business worldwide. So many times, I will encourage in order for good companies to actually fund worldwide businesses or internationally that are from basically there are five principles companies can actually take a look in terms of ensuring that corporate compliance as per in protecting their IP or rights.

And, one of the elements actually includes leadership, reassessment in placing standards and controls, training and communications, to employees, to parties, clients or even vendors and just making all this known to everyone. And when we talk leadership issue, a lot of times actually is, how the company is being run in each country. The management actually thinks that in the current role in making sure that all this compliance program is actually built on a very solid foundation because once it comes from the top then it boils down to each level of the corporate office. They have to make sure they do this the right way and many times the company compliance officer should be the individual that will be ultimately responsible for all the corporate conduct.


Right. You know you had mentioned something earlier about corruption and I have seen a lot of certainly, a lot of conversation around it and even some regulations that are changing in a number of different countries to make it easier to do business and that’s related to corruption and anti-bribery and things along those lines.

Whether you are seeing what countries are going through some of those processes what are the risks if you try to play that game you know I always believed that if you are the foreign company you should always stay above board and always follow the regulations because you are gonna be the first one that is gonna be held up as an example. So, you know that’s always my statement just do not ever go down that path but I do see some countries now trying to pave that way so that is just a little bit of a more fair playground, right?

A little more, it is just easier to not have to do with bribery and that sort of thing. So, what are you seeing in that market, in that aspect?


I think one key thing is for any country, transparency is the main goal. Especially lately, there are a few countries that have started to impose very strict rules about compliance. Very common ones are Brazil and Mexico. Right now, that all businesses have to use a local system to record every single transaction be it outgoing or incoming transactions that pay a vendor, or dealing a client, all this has to go through their local systems whereby every single transaction has a transaction reference number.

We are just trying to make sure that all the transactions are accounted for. There is no bribery, there is no corruption. Basically, they just want to make sure that everyone follows the rule that if anyone does not comply it is actually a huge penalty if you ever get audited and is not maintaining a local set of books. Basically, your business cannot survive because they will just put a stop to it. Even if not paying a huge penalty basically you will lose the license to run the business there and this is very serious for companies that invest so much into growing their market.

Of course, there continue to be a lot of challenges especially for, let’s say, a parent company trying to retain control at a corporate office and yet they need to maintain a local set of books whereby they do not have a presence of resources and that’s where they have all these challenges of not being able to comply with these requirements and many times Global Upside has actually really helped many of our clients to actually establish their system and manage to actually comply with local requirements and yet allow the clients to focus on their core businesses so they don’t have to worry about their reach of being you know of not being able to comply with the requirements locally.

Data Privacy and Information Law


Right. That’s the tough part I think, is going down to the local level. That is so challenging to and it’s something that you really can’t do without someone understanding it on the ground. Right? Let’s jump topics to data privacy and I think most of our listeners should be very, very familiar with the GDPR or the general data protection regulation into the EU that came into play in what 2018 and in May. Right?

You know each country does have cybersecurity information regulation as well as data privacy protection and regulations to be aware of and frankly to prepare for in advance. What are you seeing in that? How critical is it to get that taken care of in the advance? What are some of the things that you know people need to be kind on top of?


All right. GDPR I think, it’s a very known concept especially in the European Union whereby it does affect how the businesses collect, store, and manages the personal data, user data especially for the citizens of the EU member states. And many times if you are not in the EU basically you don’t even know the concept because this is very much was started there and it has actually influenced a lots of international businesses because there are so many companies that actually deal with EU based clients and many times you know it has actually been known whether they are in compliance or not.

We have like clients that for example want us to, for example, implement a payroll in Russia and Russia has very strict GDPR requirements that they don’t even allow you to even share any information via email or internet means or any virtual communication. Everything has to be paper document and must be stored basically locally and this can be challenging for especially for us in this generation they allow basically things as done virtually over the internet, right?

And this can be very stressful for businesses that try to run a business outside Russia. With GDPR you actually have to get the consent of the user or the owner of the personal data to make sure that they consent to release such information to be used by the third-party so that they are aware or fully aware who has managed to get hold of their data and they are fully aware.

So it’s also part of the transparency that they are trying to do and yet trying to protect the onus of such data and the penalties of non-compliance are very severe which many people probably do not know and it varies in each case but in some serious cases if there is caught a breach of GDPR, you can be fined from 2% of their annual worldwide turnover of the preceding or it can be up to 4% or you know in Euros it could be up to 20 million whichever is greater and this actually applies to both the data controllers and data processes meaning even cloud organizations are not exempt from the enforcement. So, if you are not only the companies are being held responsible, but the people who have to manage their storage data are also liable for it.


And you are seeing the GDPR really influence, you are seeing the GDPR influence other countries outside of the EU as well as an approach to data privacy and even know how they manage it and any sort of fines. So, it’s not just the EU which is really fascinating and it is surprising how few companies are either compliant or aware of how a big of an impact this really has.


Right. And it becomes a very common topic or actually more and more people are talking about it because they realize that you know it can reach to very severe consequences if let’s say they do not comply with the GDPR requirements and these main areas that we always encourage our clients to review about all this data privacy especially one they need to disclose if there is any breach of personal data they need to do it fast.

Two, they also must allow them that they do have a consent which means a written consent by the owner that they do have the right to access to some personal data.

We also need to also allow the right to be forgotten or what we call the data erasure means that they actually give the consent from the owner that you have the right to remove the data. That also includes providing the data portability that means you can actually move data from one storage to another storage in the event that you change your cloud provider or your data storage provider. You need to actually make sure that you have the release form that you are able to transfer the data. That also includes data protection from designing the system and you know that you make sure that it covers the GDPR protection as well.


What are you seeing in other countries? So, GDPR is very much of an EU concept but are you seeing the same sorts of things in South America, you are seeing this in Asian countries and you know what’s kind of the trend?


I think the trend is, it will spread through Asia and even South America sooner or later. Usually you know once it starts somewhere, it will spread, especially international business expansion is so common and once the business grow big or when the data sharing is going to, there’s bound to be a boundary where you can’t go and frankly, in my opinion, GDPR eventually will always branch out to all these countries and of course, we often think that people when they go into a new country, they always have to evaluate and make sure that they get themselves prepared.

So, that’s some of the things that are important to actually think through before even they manage to enter into a country and start running business is, (1) Is any data privacy registration requirements (2) Is the data flow going to trigger any data transfer obligation (3) Is there any customers or employees or even vendors notification requirement, and then (4) Is there any requirement regarding contracting vendors, are there any requirements relating to any data monitoring (for example, are you allowed to save some information either through your computer or through online platform, or even through CCTV), and finally is there any privacy policy requirement, be it internal or external, and also is there any requirement due to payment obligation.

So, these are the things that we call the checklist that they should actually watch out for especially considering the data privacy and the information law.


What’s the difference? So what information law? Is it primarily related to cybersecurity? And then for data privacy and data, are deciding whether the company can do something with it? What do countries have as information law vs data privacy law?


A lot of data privacy really relates to relying more on personal data. Information law many times circles around like specific either the company or even the industry. Some information that relates to the particulars specific industry. Some of the countries do have specific laws regarding that and that’s why it is more important for companies to actually think of such requirements especially going into a new country.

Closing Thoughts


Absolutely. That makes a lot of sense. That’s really great helpful information. I want to make sure I remind our listeners that this is part 2 of our series on the critical international expansion checklist. So, don’t forget to listen to part 1 because there is a whole lot of important advice in that one as well. Then I want to thank you for joining us. It’s always a pleasure to have you. This was really really helpful and I think it will help a lot of people go abroad.


Oh, thanks for having me on the podcast. If anyone has any questions about what we discussed today feel free to reach out to me at


And we will make sure to have Linda’s information as well as the downloadable critical international expansion checklist from Global Upside available so that it makes it just super easy for you to kind of go through. But having someone like Linda help you walk through, definitely get a hold of her, she’ll give you some really great advice as to where to start. Make sure you join the free Globig resource hub on If you are serious about doing business internationally, we can help you with connecting you to great international services such as Global Upside as well as just helping to make your day to day so much more productive. So, don’t forget to subscribe to this podcast channel for more fantastic international expansion podcast. Thank you for joining us and go global and go big.