The Cyberspace Administration of China issued a document: In these cases, data exit security assessment should be declared!

　　China News Service, July 7th. On the 7th, the Cyberspace Administration of China announced the "Measures for Security Assessment of Data Exports" (hereinafter referred to as the "Measures"), which will come into force on September 1, 2022.

　　The "Measures" make it clear that these Measures apply to the security assessment of important data and personal information collected and generated in the territory of the People's Republic of China provided by data processors abroad.

It is proposed to adhere to the principles of combining pre-assessment and continuous supervision, and combining risk self-assessment and security assessment for data export security assessment.

　　The "Measures" stipulate the situations in which data export security assessment should be declared, including data processors providing important data overseas, key information infrastructure operators and data processors handling personal information of more than 1 million people providing personal information overseas, self-registration Since January 1, 2019, data processors who have provided personal information of 100,000 people abroad or sensitive personal information of 10,000 people abroad have provided personal information to other countries and other situations that require declaration of data export security assessment as stipulated by the national cybersecurity and informatization department.

　　The "Measures" put forward specific requirements for data export security assessment, stipulating that data processors should carry out data export risk self-assessment before applying for data export security assessment and clarify key assessment items.

It is stipulated that the data processor shall clearly stipulate the responsibility and obligation of data security protection in the legal document signed with the overseas recipient, and the situation that affects the security of the data export shall be re-applied for the assessment within the validity period of the data export security assessment.

In addition, it also clarified the data export security assessment procedures, supervision and management systems, legal responsibilities, and compliance rectification requirements.

(Zhongxin Finance)