A Data Compliance Reference Manual from the Supervisory Authority

Summary

---

• Data processing in the financial sector has always been regulated robustly
• The new Measures published by the People's Bank of China continue this trend, setting out a number of detailed provisions and consolidating the data security management obligations of data handlers in the sector
• The Measures can be regarded as the "Data Compliance Reference Manual" for data compliance management
• The new Measures provide for management and technical protection measures for data security based on data categorization and classification, focusing on the collection, storage, transmission and deletion of data
• The Measures also set out a number of annual compliance obligations which will assist data handlers in improving their overall data security level, but will also increase their annual compliance budget

On July 24, 2023, the People's Bank of China (PBC) issued the Measures for the Administration of Data Security in the Business Areas of the People's Bank of China (Draft for Comments) (the "Measures") (中国人民银行业务领域数据安全管理办法 (征求意见稿)). The Measures provide practical guidelines for relevant data handlers when carrying out data processing activities in the business sphere of the PBC in compliance with laws and regulations. They also represent an improvement to the country's data compliance management system.

The Measures implement and connect the requirements of the PRC Data Security Law and other higher-level laws while also combining the existing financial industry standard guidelines and taking into account the experiences which the supervisory authorities have built up. The Measures therefore have a significant practical reference value for data processing in the financial fields, and can be regarded as the "Data Compliance Reference Manual" for data compliance management in this sector.