Chapter IV Data Security Protection Obligations

Article 27

Permalink

Translation Notice

This is an unofficial English translation prepared for general informational purposes only. It does not constitute legal advice. In case of any discrepancy, the official Chinese text published by the competent authority shall prevail.

本文为非官方英文翻译,仅供一般信息参考,不构成法律意见。如与主管机关发布的中文正式文本不一致,以中文正式文本为准。

Chinese Original

第二十七条 开展数据处理活动应当依照法律、法规的规定,建立健全全流程数据安全管理制度,组织开展数据安全教育培训,采取相应的技术措施和其他必要措施,保障数据安全。利用互联网等信息网络开展数据处理活动,应当在网络安全等级保护制度的基础上,履行上述数据安全保护义务。 重要数据的处理者应当明确数据安全负责人和管理机构,落实数据安全保护责任。

English Translation

Those carrying out data processing activities shall, in accordance with laws and regulations, establish and improve full-process data security management systems, organize data security education and training, and take corresponding technical measures and other necessary measures to safeguard data security. Where data processing activities are carried out through the Internet or other information networks, the above data security protection obligations shall be performed on the basis of the cybersecurity classified protection system. Processors of important data shall designate data security responsible persons and management bodies and implement data security protection responsibility.

Free web reference version. Editable bilingual Word/PDF/Excel packages may be provided separately after editorial review.

  • cybersecurity
  • important data
  • data processing
  • data security
  • MLPS / classified protection

Related rules: Important data rules source tracker

Related standards: GB/T 43697

Source reference: DSL Article 27. Source authority: Standing Committee of the National People's Congress. Effective version: 2021-09-01 effective version. Amendment status: not amended. Last verified: 2026-05-20. Last updated: 2026-05-25. Official source.

Source Reference

Official source

Last updated: 2026-05-25. Last verified: 2026-05-20. Independent reference only. Chinese text shall prevail.