Learn more about Hitpoint

Fresh news

Thoughts on data export compliance. Oracle NetSuite Data Privacy Plan protects your data security!

Data has become a national strategic resource and a major factor of production, as well as a core competitive asset for enterprises. With the wave of economic globalization, cross-border data flows are becoming increasingly frequent, and data export scenarios are increasing. Preventing data export security risks and ensuring the orderly and free flow of data in accordance with the law have become the current focus.

At present, my country's data export supervision system, consisting of laws and regulations such as the Cybersecurity Law, Data Security Law, Personal Information Protection Law, Data Transfer Security Assessment Measures, and Standard Contract Measures for Personal Information Transfer, is becoming increasingly strict.

Clear data export path

In the context of the booming digital economy, number of enterprises will use digital management tools to empower enterprise operations and store enterprise operating data and business data in the data center of the system platform, so data security and data privacy is a factor that many businesses attach great importance to. So with the implementation of the new data export regulations and the further standardization of data export activities, what impact will it have on enterprise data security and processing?

Data export behavior:

1. Data processors will transfer and store data collected and generated during domestic operations overseas;

2. The data collected and generated by the data processor is stored within the country, and overseas institutions, organizations or individuals can query, retrieve, download and export it;

3. Other data export activities specified by the Cyberspace Administration of China.

Apart from functional differences, the other biggest difference in management software is the location of the data center. Starting from the data export situations stipulated in the above regulations, if the data center of the software used is set up overseas or the domestic data can be accessed overseas (whether it is local deployment or domestic data center), it falls within the scope of data export behavior and needs to be handled accordingly in accordance with the regulations. Data export procedures.

For the implementation of data export regulations such as the "Data Export Security Assessment Measures" and the "Standard Contract Measures for Personal Information Export", the following provisions are made (partial interception):

1. If the data generated in activities such as international trade, academic cooperation, transnational manufacturing, and marketing are exported abroad and do not contain personal information or important data, there is no need to declare a data export security assessment, enter into a standard contract for personal information export, or pass personal information protection Certification.

2. If the data has not been notified by relevant departments or regions or has been publicly released as important data, the data processor does not need to declare the data as important data for export security assessment.

According to the above regulations, if an enterprise is not a critical infrastructure operator and the data does not involve personal information or important data, it does not need to declare a data export security assessment, enter into a standard contract for personal information export, or pass personal information protection certification. The data involved in most enterprise management software is non-important data. Therefore, factors such as the location of the software's data center will not have too much impact on the data outbound path.

In addition, the above data export regulations have adjusted the applicable standards for pre-export supervision of data export, exempted the obligation of pre-exit supervision of data with strong necessity for export and the export of a small amount of personal information, and reduced the data compliance costs of enterprises.

What are the risks associated with cross-border data flow? For enterprises, data export means that they may face risks such as data tampering, destruction, leakage, loss, and illegal use. Therefore, it is particularly important whether overseas receiving capabilities and technical measures can ensure the security of outbound data.

As a mature global cloud ERP, Oracle NetSuite adopts a hybrid governance model to manage user information privacy compliance. To this end, Oracle NetSuite has established a privacy office to implement and manage privacy programs covering all NetSuite business locations around the world to ensure the security, privacy and compliance of NetSuite SaaS products.

Oracle NetSuite information privacy protection mechanism

Oracle NetSuite holds a variety of security and privacy certifications and is continually exploring additional industry certifications and attestation reports that further demonstrate Oracle NetSuite's security and privacy posture. Oracle NetSuite currently has two privacy certifications:

• ISO 27018:2019. Oracle NetSuite has extended the ISO 27001 information security management system to include the ISO 27018 control set, which is sufficient to prove that as a public cloud hosting provider, it adequately protects the personal information processed.

• EU Cloud Code of Conduct. The EU Cloud Code of Conduct aims to define the general requirements for cloud service providers acting as processors. Oracle NetSuite's compliance with the EU Cloud Code of Conduct (CoC) has been verified and published on the monitoring authority's public registry.

Oracle NetSuite also complies with the ISO 27701 privacy information management system standard, which is the benchmark for global enterprise management privacy. This privacy information management system overlays the information management system and develops as the business matures.

There is a long way to go to ensure the compliance and security of cross-border data flows. Oracle NetSuite cloud platform has been committed to improving enterprise data security.


Links:Oracle   |  NetSuite   |  Funacc   |  NetSuite Status
Copyright © 2012-2021 By Hitpoint Cloud Co.,Ltd. All Rights Reserved. ICP:12043419-1