On 28 May 2019, the Cyberspace Administration of China (CAC) released the draft Measures on the Administration of Data Security (Data Security Measures, see our in-house English translation here) for public consultation.

This Data Security Measures will be a great leap forward in China's current data protection landscape, which mainly consists of scattered provisions contained in various pieces of legislation's and standards, such as the Cyber Security Law, the e-commerce law, the Consumer Rights Protection Law, as well as the Personal Information Security Specification (Specification), the most comprehensive yet non-binding national standard with respect to data protection. The Data Security Measures, once officially promulgated, will be the first binding administrative regulation in China to specifically and systematically set out explicit protection for personal data and important data collected and processed through the use of cyber technologies, following the effectiveness of the Cyber Security Law in 2017 (see our briefings here).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.