What is the Chinese Cybersecurity Law?
The Chinese Cybersecurity Law (CCL) provides a legislative framework to regulate the Chinese digital landscape, including the appropriate handling of personal information and important data.
This wide-reaching legislation mandates that data originating in China must be stored there unless specific criteria are met. Should the data need to be transferred overseas for processing, the processor or ‘Network Operator’ must first conduct a security self-assessment. If the data contains personal information, the data subject's consent is required first; the data subject must also be notified of who the recipient is, the purpose, scope and content of the transfer, and the country in which the recipient resides.
Where transfers meet the set criteria, the CCL requires network operators to entrust a government agency to conduct the security assessment and review.
Though the CCL legislation does not preclude non-domestic companies from managing Chinese data, it is vital that companies that do so comply with these comprehensive regulations and are able to demonstrate their adherence to them. There are significant fines for non-compliance with the law – potentially up to 1,000,000 RMB. Additionally, businesses can be closed or forfeit their licence to trade.
Fortra's Digital Guardian can help you comply with CCL
Fortra's Digital Guardian can support CCL compliance through the following features:
Data Localization Support
Ensures that sensitive data, particularly data handled by critical information infrastructure (CII) operators, is stored and processed within China as required by the law.
Encryption and Data Security
Encrypts data both in transit and at rest, providing an additional layer of security to safeguard sensitive information from potential cyber threats.
Comprehensive Audit Trails
Provides detailed logging and reporting of data access and handling activities, supporting compliance with the law’s requirements for record-keeping and audits.
Policy Enforcement and Compliance Management
Automates the enforcement of security policies, ensuring consistent compliance with the law’s requirements across all data handling and communication activities within the organization.