
Legal Update! Data Security Law of the PRC

2023-07-11

On June 10, 2021, the Data Security Law of the People's Republic of China was promulgated by the Standing Committee of the Thirteenth National People's Congress of the People's Republic of China, effective September 1, 2021.
Highlights are as follows:
Data Security System
* The State establishes a data classification and hierarchical protection system to protect data by classification and level, depending on the importance of the data in economic and social development, and the damage caused to national security, public interests, or the legitimate rights and interests of individuals and organizations if the data is falsified, damaged, disclosed, illegally obtained or illegally used. The national data security coordination mechanism shall coordinate the relevant departments to formulate catalogs of important data, and strengthen the protection of important data.
* The State establishes a data security review system, under which data processing activities that affect or may affect national security shall be reviewed for national security. A decision on security review made in accordance with the law shall be final.
* The State exercises export control over the data which falls under controlled items and is related to the safeguarding of national security and interests and the fulfillment of international obligations in accordance with the law.
* Where any country or region takes any discriminatory prohibitive or restrictive measure or other similar measure against the People's Republic of China in respect of investment or trade related to data and data development and utilization technology, the People's Republic of China may take reciprocal measures against such country or region in light of the actual circumstances.
Obligations for Data Security Protection
* Whoever carries out data processing activities shall establish a sound data security management system throughout the whole process, organize data security education and training, and take corresponding technical measures and other necessary measures to ensure data security, in accordance with the provisions of laws and regulations. To carry out data processing activities by making use of the Internet or any other information network, the aforesaid obligations for data security protection shall be performed on the basis of the graded protection system for cyber security.
* The Cyber Security Law of the People's Republic of China shall apply to the security management for the cross-border transfer of important data collected and produced during operation by key information infrastructure operators within the territory of the People's Republic of China; and the administrative measures for the security management for the cross-border transfer of important data collected and produced during operation by other data processors within the territory of the People's Republic of China shall be formulated by the state cyberspace administration in concert with the relevant departments under the State Council.
* Any organization or individual shall collect data by lawful and proper means and shall not acquire data by theft or other illegal means. Where laws and administrative regulations provide for the purposes and scope of data collection and use, the data shall be collected and used for the purposes and within the scope prescribed by such laws and administrative regulations.
* In the provision of services, an institution engaged in data transaction intermediary services shall require the data provider to explain the data source, examine the identities of both parties to the transaction, and keep the examination and transaction records.
* The competent authorities of the People's Republic of China shall, in accordance with the relevant laws and the international treaties and agreements concluded or acceded to by the People's Republic of China or on the principle of equality and mutual benefit, handle the requests made by foreign judicial or law enforcement authorities for the provision of data. No organization or individual within the territory of the People's Republic of China may provide foreign judicial or law enforcement authorities with the data stored within the territory of the People's Republic of China without the approval of the competent authorities of the People's Republic of China.

