China has announced new data export regulations that simplified the previous rules. The Cyberspace Administration of China unveiled the Provisions on Regulation and Promoting Cross-Border Data Flows, easing data export restrictions whilst ensuring data security and compliance meet international standards.
One key aspect of the regulations is the requirement for companies to conduct security assessments before transferring data abroad. This was previously referred to as the export of “important data” and was burdensome on businesses due to the complex documentation required as well as the ambiguous definition of “important data”.
The simplified regulations now feature several exemptions to data export activities and feature a classification system for data exports based on the level of sensitivity and potential impact on national security. This classification will guide companies in determining the appropriate measures and approvals required for exporting different types of data. It also emphasises the importance of data protection and privacy in alignment with global best practices. The regulations also define data export activities and the situations in which data is exported depending on where the data originated and where it will be received.
For businesses operating in China, these regulations necessitate a comprehensive understanding of data governance, security protocols, and compliance frameworks. Companies must invest in robust data protection strategies, including encryption, access controls, and regular audits, to ensure compliance with the new export rules.
The regulations also encourage collaboration between government agencies, industry stakeholders, and international partners to promote data transparency and responsible data management practices. This collaborative approach fosters trust among businesses and consumers, enhancing China’s reputation as a reliable hub for data-driven innovation and investment.
For a full reading of the media release, see here.