The Data Security Law (DSL), which further strengthens China’s regulation of data security, will come into effect on September 1, 2021. The critical question for foreign companies is to what extent they will be affected by the DSL. The crux of the matter here is the so-called “important data.” This special category of data is subject to stricter regulations and tighter security measures than ordinary data.
The central criterion for classifying data as “important” is its significance for the economic and social development of the country. Particularly strict rules apply to “core national data” related to national security, people’s livelihoods, and vital public interests.
How these data are determined depends largely on the catalog of important data developed by each region and industry. Some industries, such as the financial sector, have already established rules, while other industries will now implement data categorization -classification systems. Companies therefore need to keep a timely eye on their industry’s regulations.
The DSL is in line with the Multi Level Protection Scheme (MLPS 2.0) of the Cyber Security Law, according to which companies must classify themselves according to 5 levels with regard to their data security and have them certified by the authorities. We recommend that you carry out the DSL-compliant classification of your own data right away as part of the MLPS-project and kill two birds with one stone.