China: Adoption of data security law including regulation on cross-border data transfers
Description
Adoption of data security law including regulation on cross-border data transfers
The Chinese National People's Congress adopts the Data Security Law, which contains several provisions on the processing of important data by firms. Article 31 of the Data Security Law regulates the cross-border transfer of 'important data' by 'critical information infrastructure' providers. It subjects information 'collected or generated within the PRC' to the scrutiny of the Cyberspace Administration of China (CAC), as already stated in the Cybersecurity Law.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cross-border data transfer regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
legislature
Government Body
parliament
Complete timeline of this policy change
Hide details
2020-07-03
under deliberation
2021-04-29
in consultation
2021-05-28
processing consultation
2021-06-10
adopted
Key regulatory dimensions
Regulated subjects
The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type
Private organisation
Economic activity
cross-cutting
Category
All
2
Type
Other corporate representative
Economic activity
cross-cutting
Category
All
Policy change by business practice
The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): transfer (any destination)
Regulatory tool
Risk or other impact assessment requirement
Regulator notification requirement
Designation of responsible employee
Responsive security requirement
Sanctions
Regulated subjects
1