Shanghai is raising the level of data protection in the city. A pilot program will classify and tiered data categories and develop catalogs of important data. To this end, the program will identify typical cases, develop general methods, and provide training to meet needs.
The background is the Data Security Law (DSL), which includes classified and tiered data protection and requires the systematization of important data. Since it came into force on 01.09.2021, the Chinese central Government and local administrations have been pushing ahead with implementation at an accelerated pace. According to industry experts, the draft Information Security Technology – Security Requirements for Important Data Processing, completed in 2022, is in the process of legislative decision-making, and the national standard Information Security Technology – Guideline for Important Data Identification is under review. In addition to Shanghai, other cities and provinces such as Shanxi, Liaoning, Zhejiang, Guangdong and Beijing are also working to integrate classified and tiered data protection into local legislation. Foreign companies in China should now obtain the relevant information from the local government as part of their IT compliance, conduct data mapping with the help of external experts, check their data files for compliance with the law, and implement classified and tiered data protection.