自2022年9月1日《数据出境安全评估办法》实施以来,截至2023年1月31日,上海市互联网信息办公室已解答咨询电话1300余通,接收正式申报材料67件,其中通过完备性查验并报送国家网信办35件,正在进行完备性查验17件,主要涉及零售、汽车、金融、医药等领域。
为更好服务上海市数据处理者开展数据出境安全评估申报工作,根据《数据出境安全评估办法》(以下简称《办法》)和《数据出境安全评估申报指南(第一版)》(以下简称《申报指南(第一版)》),结合近期咨询情况及完备性查验常见问题发布实务问答(二)。数字化转型网www.szhzxw.cn
一、形式查验方面:
1、数据处理者可以自行变更申报材料模板吗?
答:不能。数据处理者应严格参照《申报指南(第一版)》各材料模板填写,请勿自行增删修改模板。
2、申报材料的原件、影印件有哪些具体要求?
答:根据《申报指南(第一版)》附件1要求,经办人授权委托书、承诺书、数据出境安全评估申报表、数据出境风险自评估报告等都应提供原件。
统一社会信用代码、法定代表人身份证件、经办人身份证件、与境外接收方拟订立的数据出境相关合同或者其他具有法律效力的文件等可提供影印件并加盖公章,影印件应确保清晰、无遮挡。
3、如何准备经办人授权委托书、承诺书?
答、应严格按照《申报指南(第一版)》模板拟写经办人授权委托书、承诺书,并在对应位置加盖公章、签字、注明日期,其中签字应确保手写笔迹。
4、法律文件的具体形式要求是什么?
答:法律文件形式无限制,数据处理者可结合实际提交合同、内部制度等法律文件。
需特别注意,法律文件中涉及数据出境安全评估申报表13项引用内容的,必须按要求作高亮、线框等显著标识。
通过数据出境安全评估后,数据处理者开展出境活动前实际签署的法律文件应与此前申报开展数据出境活动实际情形一致。
二、内容查验方面:
5、数据出境风险自评估报告撰写中有哪些注意事项?数字化转型网www.szhzxw.cn
答:应严格按照模板进行报告撰写,确保真实完整,不得变更自评估报告框架,同时建议增加目录并注明页码。
如有第三方机构参与自评估,须在自评估报告中说明第三方机构的基本情况及参与评估的情况,并在相关内容页上加盖第三方机构公章。
6、数据处理者如何说明符合申报条件的具体情形?
答:数据处理者应依据《办法》第四条,明确所符合的申报情形,建议可在自评估报告中说明符合申报情形的支撑数据。
7、数据处理者如何确定拟出境数据情况?
答:根据《办法》第十四条要求,“通过数据出境安全评估的结果有效期为2年,自评估结果出具之日起计算”。数据处理者申报的出境数据应为未来两年的拟出境数据,包括数据规模和涉及自然人数量,自然人数量应按人数计算,并标注是否去重。
8、数据出境安全评估申报表的填写原则是什么?
答:按照应填尽填、真实完整原则,同一表格项如存在并列内容均需填写。《申报指南(第一版)》填表说明提及的表格项应按说明要求进行填写,例如08项数据链路提及填写要素均需涵盖、13项需正确引用页码并对相关内容进行高亮标注等。
如数据出境安全评估申报表中涉及无法填写的内容,需要形成解释说明材料并加盖数据处理者公章。
三、其他:
9、申报材料纸质件如何进行装帧、打包?
答:数据处理者装帧申报材料形式无限制,可采用长尾票夹、回形针、订书针、文件袋等,建议不要采用形式奇特、过于精美繁复的装帧。
如申报材料较多,请使用无文字及图案标记的纯色纸箱打包。
10、申报材料电子版的提交要求是什么?
答:刻录在光盘中进行提交。若一次提交涉及多个场景,可刻录在一张光盘中,不同场景设置单独的文件夹,每个场景文件夹内需包含《申报指南(第一版)》附件1提到的一整套材料。需要确保PDF版本材料和纸质件一致(带公章、签字等)。此外,建议附上WORD版本材料。数字
化转型网www.szhzxw.cn
翻译:
Since the implementation of the Measures for Data Exit Security Assessment on September 1, 2022, by January 31, 2023, Shanghai Internet Information Office has answered more than 1,300 inquiries and received 67 formal declaration materials, of which 35 have passed the completeness inspection and been submitted to the State Cyberspace Office, and 17 are undergoing the completeness inspection. Mainly involved in retail, automobile, finance, medicine and other fields.
In order to better serve data processors in Shanghai in carrying out Data Exit Security assessment and declaration work, practical Questions and Answers (II) are issued in accordance with the Measures on Data Exit Security Assessment (hereinafter referred to as the Measures) and the Guide to Data Exit Security Assessment (First Edition) (hereinafter referred to as the Guide to Declaration (First Edition)) and in combination with recent consultation and frequently asked questions on completeness inspection.
Form inspection:数字化转型网www.szhzxw.cn
Can the data processor change the template of application materials by itself?
A: No. Data processing personnel should fill in the material templates in strict accordance with the Declaration Guide (First Edition). Please do not add, delete or modify the templates by yourself.
What are the specific requirements for the original and photocopies of the declaration materials?
A: According to the requirements of Annex 1 of the Declaration Guide (First Edition), the original copy of the agent’s power of attorney, commitment letter, data exit safety assessment form, data exit risk self-assessment report, etc., shall be provided.
Photocopies of the unified social credit code, the identity certificate of the legal representative, the identity certificate of the handler, the data exit related contract drawn up with the overseas recipient or other documents with legal effect can be provided with the official seal. The photocopies shall be clear and without occlusion.
How to prepare the agent’s letter of authorization and letter of commitment?
A. The agent’s letter of authorization and letter of commitment shall be written in strict accordance with the template of the Declaration Guide (First Edition), and the official seal, signature and date shall be affixed at the corresponding position. The signature shall be handwritten.
What are the specific form requirements of legal documents?
Answer: There is no limit to the form of legal documents. The data processor can submit legal documents such as contract and internal system according to the actual situation.
Special attention should be paid to the legal documents involving the 13 references in the data exit security assessment declaration form, which must be highlighted, wire frame and other prominent marks as required.
After passing the data exit safety assessment, the legal documents actually signed by the data processor before carrying out the exit activities shall be consistent with the actual situation of the previously declared data exit activities.
Content inspection:数字化转型网www.szhzxw.cn
What should I pay attention to in writing the data exit risk Self-assessment report?
A: The report should be written in strict accordance with the template to ensure authenticity and integrity. The framework of the self-evaluation report should not be changed. Meanwhile, it is suggested to add the table of contents and indicate the page number.
If any third-party organization participates in the self-assessment, the basic information of the third-party organization and its participation in the assessment shall be explained in the self-assessment report, and the official seal of the third-party organization shall be affixed on the relevant content page.
How does the data processor explain the specific situations that meet the declaration conditions?
A: The data processor shall, in accordance with Article 4 of the Measures, make clear the declaration conditions met, and it is suggested to state the supporting data meeting the declaration conditions in the self-assessment report.
How does the data processor determine the data to be exported?
A: According to the requirements of Article 14 of the Measures, “the validity period of the data exit safety assessment is 2 years, starting from the date of issuance of the assessment result”. The exit data declared by the data processor shall be the planned exit data of the next two years, including the data scale and the number of natural persons involved. The number of natural persons shall be calculated according to the number of people and marked whether the weight is removed or not.
What are the filling principles for the data exit Security Assessment form?
Answer: In accordance with the principle of full filling, authenticity and completeness, the same form should be filled in if there are parallel contents. The form items mentioned in the form filling instructions of the Application Guide (First Edition) should be filled in according to the instructions. For example, 08 items mentioned in the data link should be covered, 13 items should quote the page number correctly and highlight the relevant contents.
If the data exit security assessment form involves contents that cannot be filled in, the explanatory materials shall be formed and stamped with the official seal of the data processor.
Others:
How to bind and pack the paper parts of the application materials?
A: The data processor binding declaration material form is unlimited, can use long tail ticket clip, paper clip, staple, file bag, etc. It is recommended not to use the form of strange, too delicate and complex binding.
If the application materials are large, please pack them in solid colored cartons without text and pattern marks.数字化转型网www.szhzxw.cn
What are the requirements for submission of electronic application materials?
A: Burn to CD for submission. If multiple scenes are submitted at one time, they can be burned on a CD. Separate folders can be set for different scenes. Each folder should contain a set of materials mentioned in Annex 1 of the Application Guide (First Edition). Make sure the PDF version is the same as the paper version (with official seal, signature, etc.). In addition, it is recommended to attach WORD version materials.
本文由数字化转型网(www.szhzxw.cn)转载而成,来源:网信上海;编辑/翻译:数字化转型网宁檬树。
免责声明: 本网站(https://www.szhzxw.cn/)内容主要来自原创、合作媒体供稿和第三方投稿,凡在本网站出现的信息,均仅供参考。本网站将尽力确保所提供信息的准确性及可靠性,但不保证有关资料的准确性及可靠性,读者在使用前请进一步核实,并对任何自主决定的行为负责。本网站对有关资料所引致的错误、不确或遗漏,概不负任何法律责任。
本网站刊载的所有内容(包括但不仅限文字、图片、LOGO、音频、视频、软件、程序等) 版权归原作者所有。任何单位或个人认为本网站中的内容可能涉嫌侵犯其知识产权或存在不实内容时,请及时通知本站,予以删除。
