On 10 June 2021, the 29th Session of the Standing Committee of the Thirteenth National People's Congress voted to adopt the Data Security Law of the People's Republic of China (hereinafter referred to as the "DSL"), which will take effect on 1 September 2021. DSL has become an important legal basis for the state big data strategy and is an important cornerstone for data protection and the development of the digital economy.

DSL emphasizes the responsibilities of enterprises in protecting data security: enterprises are required to develop policy system to safeguard data security, manage data security risks and report data security incidents. The introduction of DSL provides a new code of conduct for the domestic data application industry and market, and also establishes entry barriers for the industry, promoting the standardization of data applications and transactions from a legal perspective, as well as strengthening the importance of data security protection for the whole society.

From the perspective of compliance of general business organizations, this article would like to summarize the key points of data security requirements proposed in DSL and explore the effective path for enterprises to implement cybersecurity, data security and personal information protection management activities in a systematic and integrated way.