Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

China: TC260 requests comments on enterprise data protection requirements

The National Information Security Standardisation Technical Committee ('TC260') requested, on 1 December 2022, public comments on the draft Standard on Industrial Internet Enterprise Network Security Part 4: Data Protection Requirements. In particular, the TC260 highlighted that the draft Standard is the fourth part of a series aimed to ensure data security, network security, and data protection technical requirements, among other things.

More specifically, the draft Standard outlines industrial internet data security requirements processes, including data security management requirements and security protection requirements. Notably, the Standard provides that technical requirements include:

  • the classification methods and requirements for industrial internet data;
  • graded protection requirements for the entire lifecycle of data used;
  • graded protection requirements for other data processing activities; and
  • industrial internet data management requirements, such as security management systems, system and equipment management, supply chain security management, security assessment, and log retention.

Public comments may be submitted via email to [email protected] until 30 January 2023.

You can read the announcement here and download the draft Standard here.