Understanding the Chinese Data Security Law

On 10 June 2021, the Data Security Law of the People’s Republic of China (hereinafter the “DSL”) was adopted at the 29th session of the Standing Committee of the 13th National People’s Congress, effective as of 1 September 2021. The DSL is the fundamental law in the data security sphere and, together with the Cybersecurity Law (hereinafter the “CSL”) and the Personal Information Protection Law (hereinafter the “PIPL”), outlines the data regulatory framework in China. The DSL contains seven chapters and 55 articles that widely cover data security mechanisms, obligations and liabilities at both State administration and data handler levels. In this article, the key contents of the DSL together with the intensively promulgated supplemental laws and regulations will be analyzed to provide a comprehensive grasp of data security supervision in China. Specifically, section one explains the basic concepts of the DSL, section two highlights the key data security protection mechanisms such as the Important Data protection and data cross-border transfer and section three will summarize the main compliance obligations for companies to effectively put laws into actions.