The Chinese Government has been encouraging companies to have mobile app certifications for some time. Search engines and app stores are encouraged to prioritize applications from companies that have certifications. Now, enterprise data security management certification is also to be developed.
In early June 2022, the General Administration of Market Supervision and the Office of Network Information released the data security certification documents. Companies that are network operators can use voluntary certification to demonstrate that your data security management system has a certain standard, verifying that an effective security management system has been established for the collection, storage, use, processing, transmission, provision, disclosure and other data processing activities.
The data processing security requirements in an audited data security management system include data identification through the formation of a data protection catalog, classification of data in accordance with national standards and regulations, and risk prevention and control. Here, the company must implement a responsibility and assessment system for data management, and create protection plans and risk assessments for early handling of security incidents. In addition, the lifecycle of data processing must be recorded to ensure that it is traceable.
We recommend that companies operating in China look into the new data security management certification. On the one hand, certifications increase the trust of Chinese customers in the company, and on the other hand, it can create a competitive advantage over competitors.