The National Internet Information Office announced the "Measures for Evaluation of Data Outbound Security"

On July 7, the National Internet Information Office announced the "Measures for Evaluation of Data Outbound Security" (hereinafter referred to as the "Measures"), which will be implemented from September 1, 2022. The relevant person in charge of the National Internet Information Office stated that the "Measures" aims to implement the provisions of the "Network Security Law", "Data Security Law", and "Personal Information Protection Law", standardize data outbound activities, protect personal information rights and interests, safeguard national security, and safeguard national security With the public interest of the society, promote cross -border security and free flow of data, and effectively keep the development of security and promote security with development.

In recent years, with the vigorous development of the digital economy, data cross -border activities have become increasingly frequent, and data processor's data outbound demand has grown rapidly. Clarifying the specific provisions of the data outbound security assessment is the need to promote the healthy development of the digital economy and prevent and resolve the risks of cross -border security, it is the need to safeguard national security and public interests, and to protect the rights and interests of personal information. The "Measures" stipulate the scope, conditions and procedures of data outbound security assessment, which provides specific guidelines for data outbound security assessment.

The "Measures" clearly states that data processors provide these measures to provide important data collected and generated in the operation of the People's Republic of China and the security assessment of the security assessment of personal information. The principles of data outbound security assessment adhere to the combination of pre -evaluation and continuous supervision, and the combination of risk self -assessment and security assessment.

The "Measures" stipulates that the situation of data outbound security assessment should be declared, including data processors with important data, key information infrastructure operators and processing data processors with more than 1 million personal information to provide personal information to overseas, self -top From January 1st, the data processors with a total of 100,000 personal information or 10,000 sensitive personal information have been provided to the abroad to provide personal information overseas and other situations required to declare data outbound security assessment stipulated by the national network information department.

The "Measures" put forward specific requirements for data outbound security assessment, stipulating that data processors shall carry out self -assessment of data outbound risk before reporting data outbound security assessment and clarify key evaluation matters. The data processor clearly stipulates the liability obligations of data security protection in the legal documents set up with an overseas receiving party, and the situation that affects data outbound security during the validity period of the data outbound security assessment shall be re -approved. In addition, it also clarifies the data outbound security assessment procedures, supervision and management systems, legal responsibility, and requirements for compliance rectification requirements.

Source: Internet Information China

not

Review: Wang Shaoyun

Editor: Wang An

Material arrangement: Xu Xiaowei, Wang An

not

- END -