Chapter IV Data Security Protection Obligations

Article 30

Permalink

Translation Notice

This is an unofficial English translation prepared for general informational purposes only. It does not constitute legal advice. In case of any discrepancy, the official Chinese text published by the competent authority shall prevail.

本文为非官方英文翻译,仅供一般信息参考,不构成法律意见。如与主管机关发布的中文正式文本不一致,以中文正式文本为准。

Chinese Original

第三十条 重要数据的处理者应当按照规定对其数据处理活动定期开展风险评估,并向有关主管部门报送风险评估报告。 风险评估报告应当包括处理的重要数据的种类、数量,开展数据处理活动的情况,面临的数据安全风险及其应对措施等。

English Translation

Processors of important data shall, in accordance with regulations, conduct regular risk assessments of their data processing activities and submit risk assessment reports to relevant competent departments. A risk assessment report shall include the types and quantities of important data processed, the circumstances of data processing activities carried out, the data security risks faced, and response measures, among other matters.

Free web reference version. Editable bilingual Word/PDF/Excel packages may be provided separately after editorial review.

  • important data
  • data processing
  • data security

Related rules: Important data rules source tracker

Related standards: GB/T 43697; GB/T 37964

Source reference: DSL Article 30. Source authority: Standing Committee of the National People's Congress. Effective version: 2021-09-01 effective version. Amendment status: not amended. Last verified: 2026-05-20. Last updated: 2026-05-25. Official source.

Source Reference

Official source

Last updated: 2026-05-25. Last verified: 2026-05-20. Independent reference only. Chinese text shall prevail.