China will shortly be releasing its Information Security Technology – Identification Guide of Key Data. This is a national standard intended to help business understand what "key" or "Important" data means for the purposes of the various rules on management of data in China’s increasing influential digital economy.
Knowing what data is key/important is relevant for 2 main reasons: (1) such data attracts a higher compliance burden and (2) such data must be stored within the PRC and undergo a regulator-led security assessment before it is transferred abroad - crucial for the structuring of data flows in tech-led and other international businesses.
Having reviewed an advance draft issued in June and an updated version last week, it seems that for certain organisations, the national standard raises as many questions as it answers. Read our latest DigiLinks post for our analysis.
While the new national standard gives clarity to information security personnel in some regards, various organisations will be left with questions as to how they should apply the prescribed process to their business
unknownx500
/Passle/5f6c57568cb62a0d7c9eadee/SearchServiceImages/2024-02-27-12-47-18-449-65ddd9d65f7b5f15f56b5a86.jpg)
