China – New Data Security Law adopted and will come into force on 1 September 2021
Author
Browse this blog post
Related news and insights
Publications: 03 April 2024
China passes provisions to relax the cross-border data transfer regime
Blog Post: 13 June 2023
China - CAC issues guidance on filing standard contracts for export of personal information
Publications: 02 March 2023
China refreshes the regulation on archives administration in relation to overseas listings
Blog Post: 01 February 2023
China brings into force Regulations on the Administration of Deep Synthesis of Internet Technology
Compared to previous drafts, the final Law introduces stricter requirements in relation to the processing of state critical data (i.e. data related to national security, economic security, important people’s livelihood, or material public interest) and increases the penalties for non-compliance. In addition to steep fines of up to RMB 10 Million, these penalties may include suspensions of operations, revocation of operation permits or business license, sanctions for non-compliant transfer of ‘important data’ outside China and fines imposed on company officials directly responsible for violations.
The Law will have extra-territorial reach, expand data localisation requirements to any organisations processing ‘important data’ (and not only to operators of critical information infrastructure), and impose requirements on entities to obtain authorisation for disclosure of data stored in China in response to requests of foreign judicial or law enforcement agencies.
The Law will enter into force on 1 September 2021.
The NPC’s press release is available here and the Law is available here (both in Chinese only).