China: Opened consultation on Measures for the Administration of Data Security in the Business Field of the People's Bank of China including cybersecurity regulation

On 24 July 2023, the People's Bank of China (PBC) opened a consultation on the Measures for the Administration of Data Security in the Business Field of the People's Bank of China, including cybersecurity regulation until 24 August 2023. The Measures outline data security obligations for entities processing personal data within the business domain of the PBC, limited to operations conducted exclusively within China. The PBC would be required to adopt data classification and grading standards. The Measures specifically address data that doesn't include state secrets and outline security measures that have to be implemented based on the degree of impact on national security, classifying them into general, important and core. Furthermore, the entities would be required to implement security measures based on data sensitivity grading, which includes 5 levels based on the harm that could pose to individuals' rights in case of breaches. The Measures specify that entities are required to assign responsibilities, allocate personnel, and consolidate accountability for data security management with specific designations for those handling important data and establish emergency response procedures.