Join our webinar on democratizing data in the cloud with Forrester, Snowflake and TIAA - Sign up here

Start Now

China's CSL

Get compliant with the most comprehensive PrivacyOps platform.

China's PIPL

Know all about China's Personal Information Protection Law (PIPL)
Download Infographic
Available in PDF

China’s Cybersecurity Law (China’s CSL) went into effect on June 1st, 2017, and applies to the operation, maintenance, and use of information networks in China. The law protects the legal interests and rights of organizations as well as individuals in China. It also promotes the secure development of technology and the digitization of the economy in China.

The solution

SECURITI enables organizations to comply with China's CSL through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

securiti dashboard

SECURITI supports enterprises in their journey toward compliance with China's CSL through automation, enhanced data visibility, and identity linking.

See how our comprehensive PrivacyOps platform helps you comply with various sections of China’s CSL.


 

Customize a data subject rights request portal for seamless customer care

Create customized web forms according to your brand image with the DSR request format and accept verified data subject rights requests. Automate the initiation of fulfillment workflows when verified requests are received.

dsr portal
dsr handling

Automate data subject request handling

Data subjects need to be notified about their data privacy rights and organizations are required to simplify the initiation of verified DSR requests. The automation of the delivery and generation of secure data access reports will greatly reduce the risk of compliance violations and reduce the workforce required to comply with all the requests.

Automate the processing of rectification requests

Article: 43

With the help of automated data subject verification workflows across all appearances of a subject’s personal data, you can seamlessly fulfill all data rectification requests.

data access request
data rectify request

Automate erasure requests

Article: 43
Fulfill data subject’s erasure requests, swiftly, through automated and flexible workflows.

Continuous monitoring and tracking

Articles: 9, 10, 38, 40, 41, 44, 46, 47

Keep track of risks involved by continuously scanning and monitoring data against non-compliance to subject rights, security controls, or data residency.

data erasure request
personal data monitoring tracking

Automate People Data Graph

Discover personal information stored across all your internal and external systems within the organization and link them back to a unique data subject. Also, visualize personal data sprawl and identify compliance risks.

Monitor and track consent

Article: 22, 41
Track consent revocation of data subjects to prevent the transfer or processing of data without their consent. Seamlessly demonstrate consent compliance to regulators and data subjects.

personal information data linking
cookie consent

Privacy Policy and Notice Management

Articles: 41

Automate how you publish your privacy notices with the help of pre-built templates to make the process faster. Also, enable centralized management by tracking and monitoring privacy notices in order to maintain compliance.

Meet cookie compliance

Article: 22, 41

Automatically scan the web properties within your organization, categorizing tags, and cookies. Also, build customizable cookie banners, collect consent, and provide a preference center.

consent preference management
Assess GDPR readiness

Assess China’s CSL readiness

Articles:9, 10, 21-26, 31, 34, 40-42

With the help of our multi-regulation, collaborative, readiness, and security assessments , you can gauge your organization's posture against China’s CSL requirements, identify the gaps, and address the risks. Seamlessly being able to expand assessment capabilities across your vendor ecosystem to maintain compliance against China’s CSL.

Map data flows/cross border data transfers

Articles: 37, 47

Track data flows in your organizations, trace this data, catalog, transfer, and document business process flows internally and to service providers, cross border transfers or third parties.

breach response notification

Breach Response Notification

Article: 42, 55

Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.

Key Rights Under China’s CSL

Right to Information Prior to the collection or processing of data by network operators, users shall have the right to know the purpose of collection or processing, the methods used, and the scope of their personal information.

Right to Deletion: Individuals have the right to request deletion of their personal information if they discover that the network operator’s collection or the processing is in violation of compliance requirements.

Right to Rectification: Individuals have the right to request that network operators rectify incorrect personal information.

Right to be Notified: Individuals have the right to be notified by the network operator if their information is tampered with, disclosed, destroyed, or lost.

Facts related to China’s CSL

1
The CSL applies to individuals and organizations handling the data which according to the law are “network operators and critical information infrastructure operators (CIIOs)”.
2
Network Operators are defined as owners, operators, and service providers of networks.
3
CIIOs refer to the operators of critical information infrastructure in important industries and sectors (such as information service, public service, and e-government) and other information infrastructure that, if leaked, may severely threaten the national security, national economy, people’s livelihood, and public interests.
4
China’s CSL provides stricter requirements for the CIIOs.
5
Violators of China’s CSL can be charged with criminal penalties based on the seriousness of non-compliance.
6
Organizations violating data localization can be fined roughly between $7,500-75,000 USD.