Chinese police have imposed an administrative penalty on Christian Dior's company in Shanghai for violating rules on data transmission, according to a government statement issued on Tuesday.

Cybersecurity departments launched an investigation after news reports in May said Dior customers in China had received text messages about a data leak.

Investigators found that the Shanghai unit transmitted customers' personal information to the luxury brand's headquarters in France without passing the safety assessment of the outbound transfer, signing a standard contract for the transfer and obtaining certification for personal information protection, the statement said.

READ MORE: Dior punished over unapproved transfer of Chinese customer data

The company also failed to fully inform customers about how their information would be processed overseas and obtain their individual consent before sending the data abroad, it said. In addition, it did not encrypt or de-identify the personal information it collected.

According to news reports, Dior sent Chinese customers text messages in May warning of a data breach. Online pictures of the messages show that on May 7, Dior discovered that part of its customer data had been accessed by unauthorized personnel outside the company.

Dior said in the message that it was investigating the breach, taking measures in response to it and reporting it to regulators.

The government statement urged personal information handlers to learn from the case and comply with the country's Personal Information Protection Law on processing and cross-border transfers of personal information.

Contact the writer at wangqingyun@chinadaily.com.cn