Workflow
央行发布《中国人民银行业务领域数据安全管理办法》
第一财经·2025-05-09 10:31

Core Points - The article discusses the implementation of the "Data Security Management Measures in the Business Field of the People's Bank of China," which will take effect on June 30, 2025, after being approved on April 2, 2025 [1][56] - The measures consist of seven chapters and fifty-six articles, outlining the principles, management mechanisms, and specific requirements for data security in the banking sector [1][56] Group 1: General Principles - The measures aim to standardize data security management in the business field of the People's Bank of China and promote the development and utilization of data [3][4] - The principle of "whoever manages the business, manages the data, and manages data security" is emphasized, placing the responsibility on data processors to prevent risks such as data tampering, destruction, and illegal access [4][5] Group 2: Data Classification and Requirements - The People's Bank of China is responsible for establishing standards for data classification and protection, guiding institutions in categorizing their data based on sensitivity and business relevance [7][8] - Data is classified into three levels: general data, important data, and core data, with specific requirements for the protection of important and core data [8][9] Group 3: Data Processing and Security Measures - Data processors must implement comprehensive data security management systems, including establishing internal approval processes for data handling and ensuring the accuracy of data collection [10][11] - Specific security measures are required for data collection, storage, processing, and transmission, including encryption and access control [30][33] Group 4: Risk Management and Incident Response - Data processors are required to monitor risks associated with data processing activities and take immediate corrective actions when risks are identified [39][40] - Annual risk assessments must be conducted for important data, with reports submitted to the People's Bank of China [42] Group 5: Legal Responsibilities - The People's Bank of China has the authority to conduct inspections and impose penalties on data processors that fail to comply with the established data security measures [47][49] - Specific violations, such as not establishing a data security management system or failing to conduct risk assessments, can lead to administrative penalties [49][50]