Lin Guanzhou, deputy general manager of Xinlian Digital: How can companies carry out self -assessment of data outbound risk at high quality?

Cover Journalist Zhu Zhu

With the continuous development of economic globalization and the continuous development of information and digital technology, it has bred a wide range of cross -border business scenarios. However, in recent years, data illegal outbound incidents such as exit of human genetic information collection and medical imaging data exit have also aroused widespread concern in society. Therefore, how to regulate and orderly managing data cross -border activities has become an imminent problem for national and social security.

On July 7, the national online information held the "Measures for the Evaluation of Data Outbound", and the implementation rules of the security evaluation path were further clarified. Measures stipulate that enterprises shall carry out self -assessment of data outbound risks before applying for data outbound security assessment.

So how do companies do high -quality self -assessment? On September 26, at the 2022 CCS Chengdu Cyber ​​Security Conference and Data Governance Summit, Lin Guanzhou, deputy general manager of Beijing CITIC Digita Technology Co., Ltd. shared the exploration and practice of self -assessment of corporate data cross -border risk, giving relevant suggestions Essence

Self -assessment is an effective way for enterprises to review their own risks

Data show that in the past ten years, the amount of data on cross -border flow has increased by nearly 45 times. It is estimated that by 2025, the added value generated by cross -border data flow will reach $ 11 trillion. In such a large amount of data cross -border flow, from the perspective of national security, there are obvious concerns about data outbound. From the perspective of risk, there are many risks in the field of data collection, transmission, storage, and application.

Lin Guanzhou mentioned that, during the collection process, the outbound data has the phenomenon of excessive collection and non -authorized collection. During the transmission process, whether the outbound data is interrupted, intercepted, tampered with, and forged, in data storage, in data storage In the process, whether there are risks such as data theft and leakage, and in the process of data application, whether the outbound data has risks such as abuse and malicious utilization. Essence

As the state has successively introduced laws and regulations such as cyber security law, data security law, and personal information protection law, data cross -border security management has increased to the height of the legal system.

"But when it comes to self -assessment, companies often think that because of the requirements of laws and regulations, they need to be evaluated." However, Lin Guanzhou believes that this is one -sided and limited. An effective way of its own risks can help enterprises to establish the relevant concepts of data outbound compliance through high -quality self -assessment work, clarify the compliance risks of their own data outbound, to ensure the long -term development of the data outbound business.

Enterprises should actively build a data outbound risk prevention and control system

Self -assessment work is a process in the mirror and clothing crown, and it is also a process of discovering, analyzing problems, and solving problems. So how do enterprises carry out self -assessment of data outbound risks at high quality?

"Data outbound security assessment is an emerging thing. First of all, enterprises must be familiar with relevant policies and fully understand the importance and complexity of self -assessment work. In addition, because self -assessment work involves many aspects, it often requires a considerable number of internal number of enterprises. The department and personnel came to cooperate, and the coordination of various departments was a powerful guarantee for successfully carrying out self -assessment work. "Lin Guanzhou said.

Lin Guanzhou also suggested that from the perspective of its long -term development of its own business, enterprises should attach importance to the problems found in the process of self -assessment, actively take improvement measures, make up for the shortcomings of the problem, build a system for the prevention and control of corporate data outbound risk, and increase the risk of data outbound. The ability to prevent and control, so as to win stable and sustainable business development with a high -quality risk management model.

In addition, Lin Guanzhou believes that the regulatory authorities and the parties of the enterprise must actively explore the path of data out of security, understand each other, strengthen communication, and help improve the overall results of data to promote security work.

- END -