On 14 November 2021, the public consultation opened for the Draft Regulations on the Administration of Network Data Security. The draft in question is intended to implement and to further specify the details of the (i) Cybersecurity Law, (ii) Data Security Law and the (iii) Personal Information Protection Law (PIPL). As the draft provides, data shall be classified and thus fall under the categories of (a) general data, (b) important data and (c) core data. The state would focus on the protection of personal information and important data and would strictly protect core data. Further data protection obligations are also being specified and added in the Regulations on the Administration of Network Data Security. Moreover, in case data processors process the data of more than one million people, chapter 4 of the Regulations on the Administration of Network Data Security provides for additional data protection requirements: For example, a data security management agency has to be established within the company. Furthermore, in order to share or trade important data, as well as to entrust the processing of important data third parties, a governmental consent is required. Public consultation is open until 13 December 2021.
Original source