Wang Yinan, Beijing Deheng Law Firm: Regulatory regulations before and after the introduction stipulate that my country takes a solid step in the establishment of a data outbound security management system

Cover News Profile reporter Tan Yuqing

On September 26, at the 2022 CCS Chengdu Cyber ​​Security Conference and Data Governance Summit, Wang Yinan, head of the Science and Technology Commission of Beijing Deheng Law Firm, explained in detail the "Evaluation Measures for Data Outbound Security" in a keynote speech (hereinafter referred to as "Security" The applicable conditions, workflows and main contents of the "Evaluation") and the "Regulations on the Exit Standards for the Outbound of Personal Information" (hereinafter referred to as the "Standard Contract").

It is reported that the "Safety Evaluation" was officially implemented on September 1st. The Standard Contract has completed the public opinion solicitation at the end of July. It is expected that the official version will be released in the near future.

Wang Yinan concluded that only important data, whether or not it involved in shutdown, no matter the number of personal information, a security assessment needs to be performed. The personal information spreading to overseas requires a security assessment. Personal information that does not reach the evaluation threshold needs to be provided with the relevant provisions of the Standard Contract to provide personal information to overseas after signing a contract. In addition, Wang Yinan also gave multiple scenes, explaining the complexity of the concept of "providing data to overseas", and indicating that the legal terms need to be carried out in practice according to the logic behind the legislation and analyze it.

In Wang Yinan's view, the main difference between "Security Evaluation" and "Standard Contract" is the time for regulatory intervention. Supervision. And the "Standard Contract" is a post -post -event supervision, that is, as long as the standard contract is signed, the data can be freely flowing, but after risk, we can use this set of security supervision mechanisms provided by the Standard Contract to control risk."

At the same time, Wang Yinan also mentioned that the main body of personal information can be added to the "Standard Contract" through a third party beneficiary right. The recipient's legal responsibility. "

Wang Yinan believes that the introduction of "Security Evaluation" and "Standard Contracts" marks important and solid steps in my country in the work of building a data outbound security management system. With the continuous introduction of documents of other supporting laws and regulations, The construction of the country's data outbound security management system will become wider and wider, and go smoothly.

- END -