Chapter I General Principles
Article 1 This Law is enacted in order to regulate data processing activities, safeguard data security, promote the development and utilization of data, protect the legitimate rights and interests of individuals and organizations, and safeguard the sovereignty, security and development interests of the State.
Article 2 This Law shall apply to data processing activities and their security supervision within the territory of the People's Republic of China.
Where data processing activities carried out outside the territory of the People's Republic of China harm the national security of the People's Republic of China, the public interest or the legitimate rights and interests of citizens and organizations, legal responsibility shall be investigated in accordance with the law.
Article 3 The data referred to in this Law refers to any record of information by electronic or other means.
Data processing includes the collection, storage, use, processing, transmission, provision and disclosure of data.
Data security means ensuring, by taking the necessary measures, that data are in a state of effective protection and legitimate utilization, as well as having the ability to guarantee an ongoing state of security.
Article 4 The maintenance of data security shall adhere to the overall national security concept, establish and improve the data security governance system, and improve the ability to guarantee data security.
Article 5 The central national security leadership agency is responsible for decision-making and coordination of national data security work, researching, formulating and guiding the implementation of the national data security strategy and relevant major guidelines and policies, coordinating major matters and important work on national data security, and establishing a national data security work coordination mechanism.
Article 6 Each region and department shall be responsible for the data collected and generated in the work of the region and department and for data security.
Departments in charge of industry, telecommunications, transportation, finance, natural resources, health, education, science and technology bear the responsibility for supervising data security in their own industries and fields.
Public security organs, state security organs, etc., shall, in accordance with the provisions of this Law and relevant laws and administrative regulations, assume responsibility for data security supervision within their respective areas of responsibility.
The State Net Information Department, in accordance with the provisions of this Law and relevant laws and administrative regulations, is responsible for coordinating network data security and related regulatory work.
Article 7 The State protects the data-related rights and interests of individuals and organizations, encourages the reasonable and effective use of data in accordance with the law, guarantees the free flow of data in an orderly manner in accordance with the law, and promotes the development of the digital economy with data as a key element.
Article 8 Those carrying out data processing activities shall comply with laws and regulations, respect social morality and ethics, comply with business ethics and professional ethics, be honest and trustworthy, fulfill the obligation of data security protection, assume social responsibility, and shall not jeopardize national security or the public interest, and shall not harm the legitimate rights and interests of individuals and organizations.
Article 9 The State supports the publicizing and popularization of data security knowledge, raises the awareness and level of data security protection in the whole society, promotes the joint participation of the relevant departments, industrial organizations, scientific research institutes, enterprises, individuals and others in the work of data security protection, and forms a favorable environment in which the whole society jointly safeguards data security and promotes development.
Article 10 Relevant industry organizations shall, in accordance with their statutes, formulate data security codes of conduct and group standards in accordance with the law, strengthen industry self-discipline, guide members to strengthen data security protection, improve the level of data security protection, and promote the healthy development of the industry.
Article 11 The State actively carries out international exchanges and cooperation in the fields of data security governance, data development and utilization, participates in the formulation of international rules and standards related to data security, and promotes the safe and free flow of data across borders.
Article 12 Any individual or organization shall have the right to complain or report to the competent authority concerned any violation of the provisions of this Law. The department that receives the complaint or report shall deal with it in a timely manner and in accordance with the law.
The competent authorities shall keep the information of complainants and informants confidential and protect the legitimate rights and interests of complainants and informants.
Chapter II Data Security and Development
Article 13 The State coordinates development and security, adhering to the use of data development and utilization and industrial development to promote data security, and the use of data security to safeguard data development and utilization and industrial development.
Article 14 The State implements the big data strategy, promotes the construction of data infrastructure, and encourages and supports the innovative application of data in various industries and fields.
People's governments at or above the provincial level shall incorporate the development of the digital economy into the national economic and social development plan at this level, and formulate the development plan for the digital economy according to the needs.
Article 15 The State supports the development and utilization of data to enhance the intelligent level of public services. The provision of intelligent public services shall give full consideration to the needs of the elderly and persons with disabilities, and avoid creating obstacles to the daily lives of the elderly and persons with disabilities.
Article 16 The State supports research on data development and utilization and data security technology, encourages technology promotion and commercial innovation in the fields of data development and utilization and data security, and fosters and develops data development and utilization and data security products and industrial systems.
Article 17 The State promotes the construction of a system of standards for data development and utilization technology and data security. The administrative department in charge of standardization under the State Council and the relevant departments under the State Council shall, in accordance with their respective responsibilities, organize the formulation and timely revision of standards related to data development and utilization technologies, products and data security. The State supports the participation of enterprises, social organizations and educational and scientific research institutions in the formulation of standards.
Article 18 The State promotes the development of data security testing, assessment, certification and other services, and supports data security testing, assessment, certification and other professional organizations to carry out service activities in accordance with the law.
The State supports collaboration among relevant departments, industry organizations, enterprises, educational and scientific research institutions, and relevant professional institutions in data security risk assessment, prevention, and disposal.
Article 19 The State establishes and improves the management system for data transactions, regulates the behavior of data transactions, and cultivates the data transaction market.
Article 20 The State supports education, scientific research institutions and enterprises to carry out education and training related to data development and utilization technology and data security, and adopts a variety of ways to cultivate professionals specialized in data development and utilization technology and data security, and to promote the exchange of talents.
Chapter III Data Security System
Article 21 The State establishes a data classification and hierarchical protection system, and implements classified and hierarchical protection of data based on the importance of the data in economic and social development, as well as the degree of harm to national security, the public interest, or the legitimate rights and interests of individuals and organizations once the data is tampered with, destroyed, leaked, or illegally accessed or illegally used. The national data security work coordination mechanism coordinates the relevant departments to develop an important data catalog to strengthen the protection of important data.
Data related to national security, the lifeblood of the national economy, important people's livelihoods, and major public interests belong to the national core data, and a stricter management system is implemented.
Regions and departments shall, in accordance with the data classification and hierarchical protection system, determine the specific catalog of important data in their own regions, departments, and related industries and fields, and focus on the protection of data included in the catalog.
Article 22 The State establishes a centralized, unified, efficient and authoritative data security risk assessment, reporting, information sharing, monitoring and early warning mechanism. The national data security work coordination mechanism coordinates the relevant departments to strengthen data security risk information acquisition, analysis, research and early warning work.
Article 23 The State establishes a data security emergency response mechanism. In the event of a data security incident, the relevant competent departments shall, in accordance with the law, start the emergency response plan, take appropriate emergency response measures to prevent the expansion of harm and eliminate potential safety hazards, and release public warning information to the community in a timely manner.
Article 24 The State establishes a data security review system, and conducts national security reviews of data processing activities that affect or may affect national security.
The security review decision made in accordance with law shall be final.
Article 25 The State implements export control in accordance with law on data belonging to controlled items that are relevant to the safeguarding of national security and interests and the fulfillment of international obligations.
Article 26 If any country or region adopts discriminatory prohibitions, restrictions or other similar measures against the People's Republic of China in the areas of investment, trade and other aspects relating to data and data development and utilization technologies, the People's Republic of China may take measures reciprocally against the country or region in the light of the actual situation.
Chapter IV Data Security Protection Obligations
Article 27 Those carrying out data processing activities shall, in accordance with the provisions of laws and regulations, establish and improve a whole-process data security management system, organize data security education and training, and adopt appropriate technical measures and other necessary measures to safeguard the security of data. Those using the Internet and other information networks to carry out data processing activities shall fulfill the above data security protection obligations on the basis of the network security level protection system.
The processor of important data shall specify the person in charge of data security and the management organization, and implement the responsibility for data security protection.
Article 28 Carrying out data processing activities as well as research and development of new data technologies shall be conducive to the promotion of economic and social development and the well-being of the people, and shall be consistent with social morality and ethics.
Article 29 Those carrying out data processing activities shall strengthen risk monitoring, and shall immediately take remedial measures when data security flaws, loopholes and other risks are found; in the event of a data security incident, immediate measures shall be taken to deal with it, and users shall be promptly informed and the incident reported to the relevant competent authorities in accordance with the provisions.
Article 30 The processor of important data shall, in accordance with the provisions, carry out risk assessments of its data processing activities on a regular basis and submit risk assessment reports to the relevant competent authorities.
The risk assessment report shall include the types and quantities of important data being processed, the circumstances under which the data processing activities are being carried out, the data security risks faced and their countermeasures.
Article 31 The outbound security management of important data collected and generated by operators of critical information infrastructures in their operations within the territory of the People's Republic of China shall be governed by the provisions of the Cybersecurity Law of the People's Republic of China; the measures for the outbound security management of important data collected and generated by other data processors in their operations within the territory of the People's Republic of China shall be formulated by the national net information department in conjunction with the relevant departments of the State Council.
Article 32 Any organization or individual who collects data shall do so in a lawful and legitimate manner, and shall not steal or obtain data in other unlawful ways.
Where laws and administrative regulations prescribe the purpose and scope of data collection and use, data shall be collected and used within the purpose and scope prescribed by the laws and administrative regulations.
Article 33 An agency engaged in data transaction intermediary services shall, when providing services, require the data provider to explain the source of data, audit the identity of both parties to the transaction, and keep records of the audit and transaction.
Article 34 Where laws and administrative regulations provide that an administrative license shall be obtained for the provision of data processing-related services, the service provider shall obtain a license in accordance with the law.
Article 35 Where public security organs and state security organs need to retrieve data for the maintenance of national security or the investigation of crime in accordance with the law, they shall do so in accordance with the relevant provisions of the State, after strict approval procedures and in accordance with the law, and the relevant organizations and individuals shall cooperate.
Article 36 The competent authorities of the People's Republic of China shall, in accordance with the relevant laws and international treaties and agreements concluded or participated in by the People's Republic of China or in accordance with the principle of equality and reciprocity, deal with requests from foreign judicial or law enforcement agencies for the provision of data. Organizations or individuals within the territory of the People's Republic of China may not provide data stored in the territory of the People's Republic of China to foreign judicial or law enforcement agencies without the approval of the competent organ of the People's Republic of China.
Chapter V Security and Openness of Government Data
Article 37 The State vigorously promotes the construction of e-government, improves the scientific, accurate and timely nature of government data, and enhances the ability to utilize the data to serve economic and social development.
Article 38 State organs shall collect and use data for the purpose of performing their statutory duties, and shall do so within the scope of their statutory duties and in accordance with the conditions and procedures prescribed by laws and administrative regulations; data such as personal privacy, personal information, commercial secrets, and confidential business information, etc., known in the performance of their duties shall be kept confidential in accordance with the law, and shall not be divulged or unlawfully made available to others.
Article 39 State organs shall, in accordance with the provisions of laws and administrative regulations, establish and improve the data security management system, implement data security protection responsibilities, and safeguard the security of government data.
Article 40 Where state organs entrust others to build or maintain e-government systems, or to store or process government data, they shall go through strict approval procedures and shall supervise the entrusted party in fulfilling the corresponding data security protection obligations. The entrusted party shall fulfill the obligation of data security protection in accordance with the provisions of laws and regulations and contractual agreements, and shall not retain, use, leak, or provide to others government affairs data without authorization.
Article 41 State organs shall follow the principles of justice, fairness and accessibility, and disclose government data in a timely and accurate manner in accordance with the provisions, except for data that is not to be disclosed in accordance with the law.
Article 42 The State shall formulate an open catalog of government affairs data, build a unified, standardized, interconnected, secure and controllable platform for opening government affairs data, and promote the open use of government affairs data.
Article 43 The provisions of this chapter shall apply to organizations authorized by laws and regulations with the function of managing public affairs to carry out data processing activities in order to perform their statutory duties.
Chapter VI Legal Liability
Article 44 If the competent authorities concerned, in the performance of their duties of data safety supervision, find that there is a greater safety risk in data processing activities, they may, in accordance with the prescribed authority and procedures, interview the organizations and individuals concerned and require them to take measures to carry out rectification and eliminate the hidden dangers.
Article 45 If an organization or individual conducting data processing activities fails to fulfill the data security protection obligations stipulated in Articles 27, 29 and 30 of this Law, the competent department concerned shall order rectification, give a warning, and may impose a fine of not less than 50,000 yuan but not more than 500,000 yuan, and may impose a fine of not less than 10,000 yuan but not more than 100,000 yuan on the directly responsible supervisory personnel and other directly responsible personnel; where the organization or individual refuses to make corrections or causes serious consequences such as a large amount of data leakage, a fine of more than five hundred thousand yuan to two million yuan is imposed, the organization or individual may be ordered to suspend the relevant business or suspend business for rectification, or the relevant business permit or business license may be revoked, and a fine of more than 50,000 yuan to 200,000 yuan is imposed on the directly responsible supervisory personnel and other directly responsible personnel.
If a violation of the national core data management system jeopardizes national sovereignty, security and development interests, the competent authorities concerned shall impose a fine of not less than two million yuan and not more than ten million yuan, and order the suspension of the relevant business, suspension and reorganization, revocation of the relevant business permits or revocation of the business license as appropriate; and if the violation constitutes a crime, the person in charge shall be held criminally liable in accordance with the law.
Article 46 If a person violates the provisions of Article 31 of this Law by providing important data outside the country, the competent department concerned shall order rectification, give a warning, and may impose a fine of not less than one hundred thousand yuan and not more than one million yuan, and may impose a fine of not less than ten thousand yuan and not more than one hundred thousand yuan on the directly responsible supervisory personnel and other personnel directly responsible; if the circumstances are serious, the department shall impose a fine of not less than one million yuan and not more than ten million yuan and may order the suspension of the relevant business, suspension and reorganization, revocation of the relevant business permit or revocation of business license, and impose a fine of one hundred thousand yuan or more than one million yuan on the directly responsible persons in charge and other persons directly responsible.
Article 47 If an organization engaged in data transaction intermediary services fails to fulfill the obligations stipulated in Article 33 of this Law, the competent department concerned shall order rectification, confiscate the illegal income, and impose a fine of not less than double but not more than ten times the illegal income; if there is no illegal income or if the illegal income is less than 100,000 yuan, it shall impose a fine of not less than 100,000 yuan but not more than one million yuan, and may order suspension of the relevant business, suspension of business for rectification, or revocation of the relevant business permit or revocation of the business license; the directly responsible person in charge and other directly responsible persons shall be fined not less than ten thousand yuan and not more than one hundred thousand yuan.
Article 48 If a person violates the provisions of Article 35 of this Law and refuses to cooperate in data retrieval, the competent department concerned shall order correction, give a warning and impose a fine of not less than 50,000 yuan but not more than 500,000 yuan, and impose a fine of not less than 10,000 yuan but not more than 100,000 yuan on the directly responsible person in charge and other persons directly responsible.
If a person, in violation of the provisions of Article 36 of this Law, provides data to a foreign judicial or law enforcement agency without the approval of the competent authority, the competent authority concerned shall give a warning and may impose a fine of not less than one hundred thousand yuan and not more than one million yuan, and impose a fine of not less than ten thousand yuan and not more than one hundred thousand yuan on the supervisors directly in charge and other personnel directly responsible; in case of serious consequences, a fine of not less than one million yuan and not more than five million yuan shall be imposed, and the person may be ordered to suspend the relevant business or suspend business for rectification, or the relevant business license or business license may be revoked, and the directly responsible persons in charge and other directly responsible persons shall be fined more than 50,000 yuan to less than 500,000 yuan.
Article 49 If a state organ fails to fulfill its data security protection obligations under this Law, the directly responsible person in charge and other directly responsible persons shall be punished according to law.
Article 50 State employees who perform data security supervision duties shall be given sanctions in accordance with the law if they neglect their duties, abuse their powers, or commit malpractice for personal gain.
Article 51 Anyone who steals or acquires data in other illegal ways, carries out data processing activities to exclude or restrict competition, or harms the legitimate rights and interests of individuals or organizations shall be punished in accordance with the provisions of relevant laws and administrative regulations.
Article 52 Anyone who violates the provisions of this Law and causes damage to others shall bear civil liability in accordance with the law.
If a violation of the provisions of this Law constitutes a violation of public security administration, a public security administration penalty shall be imposed in accordance with law; if it constitutes a crime, criminal responsibility shall be investigated in accordance with law.
Chapter VII Supplementary Provisions
Article 53 The provisions of the Law of the People's Republic of China on the Preservation of State Secrets and other laws and administrative regulations shall apply to the conduct of data processing activities involving state secrets.
Carrying out data processing activities in statistics and archives work, and carrying out data processing activities involving personal information shall also comply with the provisions of relevant laws and administrative regulations.
Article 54 Measures for the security protection of military data shall be separately formulated by the Central Military Commission in accordance with this Law.
Article 55 This Law shall come into force on September 1, 2021.