Comparing Privacy Laws: GDPR vs. CSL/DSL
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Download this comparison report to learn more about:
- The key compliance areas of the GDPR, CSL, and DSL
- The similarities and differences of each law through a detailed comparison
Comparing Privacy Laws: GDPR vs. CSL/DSL
The General Data Protection (GDPR), the Cybersecurity Law of the People’s Republic of China (CSL), and the Data Security Law (DSL), all contain provisions governing the processing of personal information. The CSL, which entered into effect on June 1, 2017, focuses on national security, cyberspace sovereignty, and the protection of lawful rights and interests. The DSL, effective September 1, 2021, applies to the processing of personal and non-personal information. In comparison, the GDPR is principally aimed at protecting personal data and regulating its use.
The three laws contain some similarities, with the GDPR, CSL, and DSL, requiring the adoption of measures to ensure the security of personal information, requiring notification of security incidents, and establishing supervisory authorities with corrective and investigative powers. However, the CSL and the DSL differ from the GDPR in some significant ways, particularly relating to data protection officer (DPO) appointments, data subject rights, and record-keeping requirements.
