China’s new Data Security Law imposes extensive obligations on entities engaging in data processing activities from 1 September 2021

25 June 2021

On 10 June 2021, the Standing Committee of China’s National People’s Congress (“NPC”) adopted the Data Security Law of the People’s Republic of China (中华人民共和国数据安全法) (“DSL”) which will come into force on 1 September 2021. Before officially passing the DSL, the NPC had solicited public opinion on two drafts of the proposed law, which were issued on 3 July 2020 and 29 April 2021 respectively.

This article provides an overview of the DSL and highlights (1) the categorised and hierarchical data protection system adopted by the DSL, (2) general obligations imposed on entities engaging in data processing activities, and (3) certain restrictions and obligations in relation to cross-border data transfer.