According to the draft regulation, data users can be fined up to 10 million yuan ($1.56 million) for violation of the stipulations concerning data provided to regions outside China.
The Cyberspace Administration of China (CAC) has unveiled the regulations that included a proposed data classification and security framework, seeking public feedback on the draft legislation by December 13, Global Times reported.
Also Read | Lame excuses will force us to audit spending on popularity slogans: SC to Delhi on air pollution
China will soon establish a hierarchical data classification management and protection system.
"The regulation stipulates that data is classified into three categories -- general, important and core -- based on their degrees of impact on and significance to national security, public interests or the legitimate rights and interests of individuals or organisations," the report said on Sunday.
The core of cybersecurity is data security, which attaches great importance to national security, public interests and personal legal rights.
Also Read | India reports 10,229 fresh Covid cases, 125 deaths
The release of the draft regulation makes China's legal system on data protection a "practical" and "performable" action, said Qin An, head of the Beijing-based Institute of China Cyberspace Strategy.
"The draft regulation not only ensures mobility of data as a key production factor, but also protects its security," Qin was quoted as saying.
The use of biometric data, such as face, fingerprint, gait and voice should also not be used as the only means of personal identification, according to the draft regulation.
In addition, organisations must not refuse to provide services or "hinder" normal services, should data owners choose not to consent to the collection of their personal information not deemed necessary for the provision of such services.