Description

Publication of draft data security law including cybersecurity measures

On 03 July 2021, the draft of the Data Security Law including cybersecurity measures was published. It contains several provisions on the processing of important data by firms. The focus lies on data security and the protection of individual rights, for which requirements such as the appointment of a person responsible for data security and risk assessment are introduced. Furthermore, Art. 30 sets out rules for data transaction intermediary services.

Scope

Policy Area: Data governance
Policy Instrument: Cybersecurity regulation
Regulated Economic Activity: cross-cutting
Implementation Level: national
Government Branch: legislature
Government Body: parliament

Complete timeline of this policy change

2020-07-03
under deliberation

On 03 July 2021, the draft of the Data Security Law including cybersecurity measures was published.…

2021-04-29
in consultation

On 29 April 2021, the consultation for the Data Security Law including cybersecurity measures opene…

2021-05-28
processing consultation

On 28 May 2021, the consultation for the Data Security Law including cybersecurity measures closed.…

2021-06-10
adopted

On 1 September 2021, the Chinese National People's Congress adopts the Data Security Law, which con…

2021-09-01
in force

The Data Security Law, which contains several provisions on the processing of important data by fir…

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1. Type: Private organisation; Economic activity: cross-cutting; Category: All
2. Type: Other corporate representative; Economic activity: cross-cutting; Category: All

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): data collection
Regulatory tool
Regulator reporting requirement
Designation of responsible employee
Responsive security requirement
Sanctions
Fine
Regulated subjects
2
Regulatory tool
Risk or other impact assessment requirement
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Fine
Regulated subjects
1 2
personal data (all forms): storage (any form)
Regulatory tool
Regulator reporting requirement
Designation of responsible employee
Responsive security requirement
Sanctions
Fine
Regulated subjects
2
Regulatory tool
Risk or other impact assessment requirement
Sanctions
Regulated subjects
1
Regulatory tool
Sanctions
Fine
Regulated subjects
1 2
personal data (all forms): transmission
Regulatory tool
Regulator reporting requirement
Designation of responsible employee
Responsive security requirement
Sanctions
Fine
Regulated subjects
2
Regulatory tool
Risk or other impact assessment requirement
Sanctions
Fine
Regulated subjects
1
Regulatory tool
Sanctions
Fine
Regulated subjects
1 2
