Digital Policy Alert logo

China: Publication of draft data security law focussing on data protection

Policy overview

Description

Publication of draft data security law focussing on data protection

The National People's Congress Standing Committee publishes its draft of the Data Security Law, which builds part of the nation`s growing data protection regime. It introduces a tiered system of data security protection according to the data`s econo…

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2020-07-03
under deliberation

The National People's Congress Standing Committee publishes its draft of the Data Security Law, whi…

2021-04-29
in consultation

The National People's Congress Standing Committee publishes its second draft of the Data Security L…

2021-05-28
processing consultation

The National People’s Congress Standing Committee`s consultation on the second draft of the Data …

2021-06-10
adopted

The data security law including data protection provisions has been adopted on 10 June 2021.

2021-09-01
in force

The data security law including data protection provisions has been implemented on 01 September 202…

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type Private organisation
Economic activity cross-cutting
Category All
2
Type Other corporate representative
Economic activity cross-cutting
Category All

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): data collection
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
Regulator notification requirement
Regulator disclosure requirement
Designation of responsible employee
Responsive security requirement
Sanctions
Regulated subjects
1
personal data (all forms): storage (any form)
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
Regulator notification requirement
Regulator disclosure requirement
Designation of responsible employee
Responsive security requirement
Sanctions
Regulated subjects
1
personal data (all forms): transmission
Regulatory tool
Risk or other impact assessment requirement
Regulator reporting requirement
Regulator notification requirement
Regulator disclosure requirement
Designation of responsible employee
Responsive security requirement
Sanctions
Regulated subjects
1

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.

personal data (all forms): data collection

personal data (all forms): storage (any form)

personal data (all forms): transmission