Chinese Cybersecurity Law (CCL)

What is the Chinese Cybersecurity Law?

Text

The Chinese Cybersecurity Law (CCL) provides a legislative framework to regulate the Chinese digital landscape, including the appropriate handling of personal information and important data.

This wide-reaching legislation mandates that data originating in China must be stored there, unless specific criteria are met. Should the data need to be transferred overseas for processing, the processor or ‘Network Operator’ must first conduct a security self-assessment. If the data contains personal information, individual consent is required from the data subject first; they must also be notified of who the data recipient is, the purpose, scope, content, and country the recipient resides in.

Where transfers meet the set criteria, the CCL requires network operators to entrust a government agency to conduct the security assessment and review.

Though the CCL legislation does not preclude the ability of non-domestic companies to manage Chinese data, it is vital that companies who do so ensure that they comply with, and are able to demonstrate, their adherence to these comprehensive regulations. There are significant fines for non-compliance with the law – potentially up to 1,000,000 RMB. Additionally, businesses can be closed, or face forfeiting their licensing to trade.  

Fortra's Digital Guardian can help you comply with CCL

Fortra's Digital Guardian can support CCL compliance through the following features: 

Data Localization Support

Ensures that sensitive data, particularly critical information infrastructure (CII), is stored and processed within China as required by the law.

See Digital Guardian DLP in Action

GET A DEMO