Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Jiangxi: Development and Reform Commission announces Jiangxi Data Regulations

The Jiangxi Development and Reform Commission announced, on 28 April 2022, the draft Jiangxi Provincial Data Regulations. In particular, the Regulations define data activities, such as data processing, which includes data collection, storage, use, transmission, provision, and disclosure. Likewise, the Regulations establish that data governance includes activities such as data classification, completion, integration, cleaning, and desensitisation. More specifically, the Regulations outline requirements surrounding public data, stating that no unit may regard public data as their own property and add conditions that affect public data's collection, sharing, opening, or use. Furthermore, the Regulations detail that public data (which involves personal information such as medical data or cultural education, but which cannot identify a specific individual and cannot be recovered after anonymisation) must be aggregated to a unified data sharing exchange platform.

On the other hand, the Regulations provide, with regard to non-public data, that data processors must obtain personal consent for data involving personal images, identification, and other personal information. However, the Regulations add that data processors must not refuse to provide products and services on the grounds that individuals do not consent to such processing, unless the processing of personal information is necessary for the provisions of products and services. Accordingly, the Regulations note that, in order to process sensitive personal information, which includes biometrics, religious beliefs, specific identities, financial accounts, and location data, written consent must be obtained.

In addition, the Regulations clarify certain data security requirements for data processors, namely that if there are multiple data processors, each processor bears corresponding security responsibilities, and that if a data processor changes due to a merger or sale, the changed processor will bear data security responsibility.

You can read the Regulations, only available in Chinese, here.