• EnglishEnglish
    • Deutsch Deutsch
    • Italiano Italiano
    • Français Français
    • 日本語 日本語
    • 한국어 한국어

CISEMA - China Zertifizierung, Einkauf und Qualitätssicherung

  • Services
    • NMPA Registration – Medical Devices and IVDs
    • NMPA Registration & DMF – Pharmaceuticals
    • NMPA Registration – Cosmetics
    • NMPA Registration – Health Food
    • CML (China Manufacture Licence) – Pressure vessels
    • CCC (China Compulsory Certification) – Industrial and consumer goods
    • Others
      • Sourcing and Quality Control
      • Logistics and Customs Support
      • Sales Support
  • About us
    • Partners
    • Company Profile
    • Testimonials
  • Locations
  • Events
    • Trade Fairs & Conferences
    • Seminars
    • Webinars
  • News & Knowledge
    • Regulatory News
      • Medical Devices and IVDs
      • Cosmetics
      • Pharmaceuticals & DMF
      • CCC
      • Pressure Vessels
    • Whitepapers
    • FAQ – NMPA Registration – Medical Devices and IVDs
    • Newsletter Sign Up
    • Others
      • Publications
      • Online Shop
Contact
  • Home
  • News
  • News
  • NMPA Registration in China
  • Medical Device
  • China issues new measures on cross border data transfer security assessments for medical devices

China issues new measures on cross border data transfer security assessments for medical devices

China cross border data transfer for medical devices
Tuesday, 13 September 2022 / Published in Medical Device, News, NMPA Registration in China

China issues new measures on cross border data transfer security assessments for medical devices

China cross border data transfer for medical devices have new measures that came into force on September 1, 2022. The new Measures for Data Export Security Assessment (the “security assessment measures”) were issued on July 7, 2022, by China’s top cybersecurity authority, the Cyberspace Administration of China (CAC).

Highlights

  • The new security assessment measures provide specific requirements, steps, and procedures for companies to undergo a security assessment in order to transfer data or personal information (PI) overseas.
  • The measures apply to data processors of “important data” and personal information collected and generated within the territory of the People’s Republic of China.
  • The new security assessment measures are supporting legislation to China’s three overarching data security laws:
    • Cybersecurity Law (CSL) June 1, 2017
    • Data Security Law (DSL) June 10, 2021
    • Personal Information Protection Law (PIPL) which came into effect most recently on November 1, 2021.

Scope of Application

  • Not all companies need to undergo a data security assessment before transferring data overseas. If one of the following conditions is met, a data export security assessment must be sent to the national cybersecurity and informatization department through the local provincial level cybersecurity and informatization authority:
    1. The data handler transfers “important data” abroad.
    2. Critical Information Infrastructure Operators (CIIO) and data processors that process the personal information (PI) of more than 1 million people transferring personal information abroad.
    3. Data processors that have transferred the PI of over 100,000 people or the “sensitive” PI of over 10,000 people overseas since January 1 of the previous year.
    4. Other situations stipulated by the national cybersecurity and informatization department that need to declare data export security assessment.

As China regulatory affairs experts and CRO, below you will find our analysis of the measures for the field of medical devices.

Risk assessment of data export in the field of medical device

  • The launch of “the Security Assessment Measures” further reinforces the NMPA’s implementation of the Medical Device Cybersecurity Technical Review Guidelines.
  • As a result of the release of the security assessment measures, the NMPA will be more rigorous in implementing the Medical Device Cybersecurity Technical Review Guidelines, which require that important data, personal information and human genetic resource information collected and generated in China should, in principle, be stored in China.
  • For businesses that need to provide PI outside the country, this should be undertaken in accordance with the national network information department and in conjunction with the relevant departments of the State Council to develop a security assessment.
  • The NMPA will rigorously review the cybersecurity of the medical device during the medical device registration review phase due to this release of security assessments measures for China cross border data transfer for medical devices. The manufacturer will need to submit complete, accurate and consistent cybersecurity documentation to the NMPA. Cybersecurity documentation includes:
    • cybersecurity description documents,
    • cybersecurity risk management documents,
    • cybersecurity requirements specifications,
    • cybersecurity validation plans,
    • cybersecurity validation reports,
    • cybersecurity vulnerability assessments,
    • and cybersecurity analyses.

Further information

Read the full measures for data export security assessments here.

If you would like to know how these measures for data export security assessments apply to your medical device registration or medical device clinical trial, please contact us.

GET IN TOUCH

🌐 Send us your enquiry
📚 Request our whitepapers
📣 Sign up for our newsletter

What you can read next

China cosmetics quality safety responsibilities
China cosmetics quality and safety responsibilities regulations released
china cosmetics sampling inspections
China cosmetics sampling inspections draft measures published
changes during china drug registration
Changes during the China drug registration – Working procedures implemented

Search

Categories

  • Fairs & Events
  • News
    • CCC
    • CEL
    • CML, SELO
    • Medical Devices Listing in Hong Kong
    • NMPA Registration in China
      • Cosmetics
      • Health Food
      • Medical Device
      • Pharmaceuticals & DMF
    • RoHS
    • Voluntary Product Certification
  • Publications
  • Seminars
  • Uncategorized
  • Webinars

Recent Posts

  • China medical device sampling inspection results

    China medical device sampling inspection results no.4 of 2022

    China medical device sampling inspection result...
  • NMPA cosmetic sampling inspection

    The NMPA Cosmetic Sampling Inspection measures come into force on March 1, 2023

    NMPA Cosmetic Sampling Inspection Measures come...
  • China cosmetics quality safety responsibilities

    China cosmetics quality and safety responsibilities regulations released

    China cosmetics quality and safety responsibili...
  • China cosmetics efficacy claims FAQ

    China cosmetics efficacy claims FAQ available to answer key questions

    China cosmetics efficacy claims FAQ is availabl...
  • China cosmetics GMP inspections

    China cosmetics GMP inspections points have been finalised

    China cosmetics GMP inspections points and judg...

Archive

Cisema

With twelve locations and over ninety highly qualified employees, Cisema can offer you optimal support in China.

Services

  • Certification
  • Sourcing and Quality Control
  • Logistics and Customs Support
  • Sales Support

Dialogue

  • Contact us
  • Newsletter Signup
  • Events
  • News & Knowledge
  • Partners

Company

  • GTC
  • Privacy Statement
  • Legal Notice
  • About us
  • Locations
  • GET SOCIAL

© 2021 Cisema. All rights reserved.

TOP
Cookies on Cisema
Learn more about Cisema's Privacy Policy.