• EnglishEnglish
    • Deutsch Deutsch
    • Italiano Italiano
    • Français Français
    • 日本語 日本語
    • 한국어 한국어

CISEMA - China Zertifizierung, Einkauf und Qualitätssicherung

  • Services
    • NMPA Registration – Medical Devices and IVDs
    • NMPA Registration & DMF – Pharmaceuticals
    • NMPA Registration – Cosmetics
    • NMPA Registration – Health Food
    • CML (China Manufacture Licence) – Pressure vessels
    • CCC (China Compulsory Certification) – Industrial and consumer goods
    • Others
      • Sourcing and Quality Control
      • Logistics and Customs Support
      • Sales Support
  • Events
    • Trade Fairs & Conferences
    • Seminars
    • Webinars
  • News & Knowledge
    • Regulatory News
      • Medical Devices and IVDs
      • Cosmetics
      • Pharmaceuticals & DMF
      • CCC
      • Pressure Vessels
    • Whitepapers
    • FAQ – NMPA Registration – Medical Devices and IVDs
    • Newsletter Sign Up
    • Others
      • Publications
      • Online Shop
  • About us
    • Partners
    • Company Profile
    • Testimonials
  • Locations
  • Newsletter Sign Up
Contact
  • Home
  • News
  • News
  • NMPA Registration in China
  • Medical Device
  • China issues new measures on cross border data transfer security assessments for medical devices

China issues new measures on cross border data transfer security assessments for medical devices

China cross border data transfer for medical devices
Tuesday, 13 September 2022 / Published in Medical Device, News, NMPA Registration in China

China issues new measures on cross border data transfer security assessments for medical devices

China cross border data transfer for medical devices have new measures that came into force on September 1, 2022. The new Measures for Data Export Security Assessment (the “security assessment measures”) were issued on July 7, 2022, by China’s top cybersecurity authority, the Cyberspace Administration of China (CAC).

Highlights

  • The new security assessment measures provide specific requirements, steps, and procedures for companies to undergo a security assessment in order to transfer data or personal information (PI) overseas.
  • The measures apply to data processors of “important data” and personal information collected and generated within the territory of the People’s Republic of China.
  • The new security assessment measures are supporting legislation to China’s three overarching data security laws:
    • Cybersecurity Law (CSL) June 1, 2017
    • Data Security Law (DSL) June 10, 2021
    • Personal Information Protection Law (PIPL) which came into effect most recently on November 1, 2021.

Scope of Application

  • Not all companies need to undergo a data security assessment before transferring data overseas. If one of the following conditions is met, a data export security assessment must be sent to the national cybersecurity and informatization department through the local provincial level cybersecurity and informatization authority:
    1. The data handler transfers “important data” abroad.
    2. Critical Information Infrastructure Operators (CIIO) and data processors that process the personal information (PI) of more than 1 million people transferring personal information abroad.
    3. Data processors that have transferred the PI of over 100,000 people or the “sensitive” PI of over 10,000 people overseas since January 1 of the previous year.
    4. Other situations stipulated by the national cybersecurity and informatization department that need to declare data export security assessment.

As China regulatory affairs experts and CRO, below you will find our analysis of the measures for the field of medical devices.

Risk assessment of data export in the field of medical device

  • The launch of “the Security Assessment Measures” further reinforces the NMPA’s implementation of the Medical Device Cybersecurity Technical Review Guidelines.
  • As a result of the release of the security assessment measures, the NMPA will be more rigorous in implementing the Medical Device Cybersecurity Technical Review Guidelines, which require that important data, personal information and human genetic resource information collected and generated in China should, in principle, be stored in China.
  • For businesses that need to provide PI outside the country, this should be undertaken in accordance with the national network information department and in conjunction with the relevant departments of the State Council to develop a security assessment.
  • The NMPA will rigorously review the cybersecurity of the medical device during the medical device registration review phase due to this release of security assessments measures for China cross border data transfer for medical devices. The manufacturer will need to submit complete, accurate and consistent cybersecurity documentation to the NMPA. Cybersecurity documentation includes:
    • cybersecurity description documents,
    • cybersecurity risk management documents,
    • cybersecurity requirements specifications,
    • cybersecurity validation plans,
    • cybersecurity validation reports,
    • cybersecurity vulnerability assessments,
    • and cybersecurity analyses.

Further information

Read the full measures for data export security assessments here.

If you would like to know how these measures for data export security assessments apply to your medical device registration or medical device clinical trial, please contact us.

GET IN TOUCH

🌐 Send us your enquiry
📚 Request our whitepapers
📣 Sign up for our newsletter

What you can read next

guidelines for medical devices registration
Guidelines for medical devices registration in China – New development plans in 2023
China Medical Device Clinical Evaluation Recommended Paths
China Medical Device Clinical Evaluation Recommended Paths
China chemical drug instructions labels
China chemical drug instructions and labels guidelines

Search

Categories

  • Fairs & Events
  • News
    • CCC
    • CEL
    • CML, SELO
    • Medical Devices Listing in Hong Kong
    • NMPA Registration in China
      • Cosmetics
      • Health Food
      • Medical Device
      • Pharmaceuticals & DMF
    • RoHS
    • Voluntary Product Certification
  • Publications
  • Seminars
  • Uncategorized
  • Webinars

Recent Posts

  • laser therapy devices

    Clinical evaluation of laser therapy devices – New guidelines issued

    Clinical evaluation of laser therapy devices ha...
  • dental implant system

    Clinical evaluation of dental implant systems in China – New guidelines issued

    Clinical evaluation of dental implant system ha...
  • China Medical Device Webinar

    China Medical Device Webinar with AdvaMed Accel for U.S. exporters

    The China Medical Device Webinar will be featur...
  • webinar_medical-device-market-authorisation

    Cisema presenting at FORUM Institut: Medical device marketing authorisation for advanced – Masterclass China

    Cisema is delighted to hold a Masterclass with ...
  • generative AI services

    China’s generative AI interim measures now in effect

    China’s generative AI interim measures fo...

Archive

Cisema

With twelve locations and over ninety highly qualified employees, Cisema can offer you optimal support in China.

Services

  • Certification
  • Sourcing and Quality Control
  • Logistics and Customs Support
  • Sales Support

Dialogue

  • Contact us
  • Newsletter Signup
  • Events
  • News & Knowledge
  • Partners

Company

  • GTC
  • Privacy Statement
  • Legal Notice
  • About us
  • Locations
  • GET SOCIAL

© 2021 Cisema. All rights reserved.

TOP