China: Implementation of data security law including regulation on cross-border data transfers
Description
Implementation of data security law including regulation on cross-border data transfers
On 1 September 2021, the Chinese National People`s Congress adopts the Data Security Law, which contains several provisions on the processing of important data by firms. Article 31 of the Data Security Law regulates the cross-border transfer of `important data` by `critical information infrastructure providers. It subjects information `collected or generated within the PRC` to the scrutiny of the Cyberspace Administration of China (CAC), as already stated in the Cybersecurity Law.
Original sourceScope
Policy Area
Data governance
Policy Instrument
Cross-border data transfer regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
legislature
Government Body
parliament
Complete timeline of this policy change
Hide details
2020-07-03
under deliberation
2021-04-29
in consultation
2021-05-28
processing consultation
2021-06-10
adopted
Key regulatory dimensions
Regulated subjects
The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type
Private organisation
Economic activity
cross-cutting
Category
All
2
Type
Other corporate representative
Economic activity
cross-cutting
Category
All
Policy change by business practice
The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): transfer (any destination)
Regulatory tool
Risk or other impact assessment requirement
Regulator notification requirement
Designation of responsible employee
Responsive security requirement
Sanctions
Regulated subjects
1