Image source: Oriental IC
Blue Whale TMT Channel News on July 7, according to Internet Information China, today, The National Internet Information Office announced the "Data Export Security Assessment Measures" (hereinafter referred to as the "Methods"), starting from September 2022 Effective from the 1st. The "Measures" stipulate the scope, conditions and procedures for data export security assessment, and provide specific guidance for data export security assessment work.
"Measures" clarifies that these Measures are applicable to the security assessment of important data and personal information collected and generated by data processors provided overseas by during its domestic operations in the People's Republic of China. It is proposed that data export security assessment adheres to the principles of combining prior assessment with continuous supervision, and combining risk self-assessment with security assessment.
The "Measures" stipulate the circumstances under which data export security assessments should be reported, including data processors providing important data overseas, operators of critical information infrastructure and data processors processing the personal information of more than 1 million people providing personal information overseas, and Data processors that have provided personal information of 100,000 people or sensitive personal information of 10,000 people to overseas countries since January 1 last year have provided personal information overseas and other situations stipulated by the national cyberspace department that require declaration of data export security assessment.
The "Measures" put forward specific requirements for data export security assessment, stipulating that data processors should conduct a data export risk self-assessment and clarify key assessment matters before applying for data export security assessment. It is stipulated that the data processor shall clearly stipulate the data security protection responsibilities and obligations in the legal documents entered into with the overseas recipient. During the validity period of the data export security assessment, circumstances affecting the data export security shall be re-applied for assessment. In addition, it also clarified data export security assessment procedures, supervision and management systems, legal responsibilities, and compliance and rectification requirements.
