Published: 28 February 2022
Summary
The first data security law in China, effective as of 1 September 2021, has far-reaching impacts beyond traditional IT data classification and protection practices. Security and risk management leaders conducting business in or related to China should assess its early impacts and form action plans.
Included in Full Research
Overview
Impacts
The Chinese Data Security Law (DSL) has a different scope to the Chinese Cybersecurity Law (CSL), specifying requirements regarding how data should be processed by all organizations with operations in or related to China.
Data categorization is foundational, but with individual Chinese industry regulators yet to issue detailed guidelines, the subject of how data should be categorized remains a patchwork.
One of the key focuses of the DSL is cross-border data transfer. When certain conditions are met, and in order to send data from China to an offshore location, an explicit permit has to be acquired from a local authority, but
To view the entire document, log
in or purchase