The Chinese Cybersecurity Law (CCL) provides a legislative framework to regulate the Chinese digital landscape, including the appropriate handling of personal information and important data.
This wide-reaching legislation mandates that data originating in China must be stored there, unless specific criteria are met. Should the data need to be transferred overseas for processing, the processor or ‘Network Operator’ must first conduct a security self-assessment. If the data contains personal information, individual consent is required from the data subject first; they must also be notified of who the data recipient is, the purpose, scope, content, and country the recipient resides in.
Where transfers meet the set criteria, the CCL requires network operators to entrust a government agency to conduct the security assessment and review.
Though the CCL legislation does not preclude the ability of non-domestic companies to manage Chinese data, it is vital that companies who do so ensure that they comply with, and are able to demonstrate, their adherence to these comprehensive regulations. Boldon James Classifier is an important component on an organization’s broad information governance program and is a key component in addressing CCL requirements today, and as they mature over time.
There are significant fines for non-compliance with the law – potentially up to 1,000,000 RMB. Additionally businesses can be closed, or face forfeiting their licencing to trade.