Shanghai Introduces the Chief Data Officer System in Telecom and Internet Industries

Posted by Written by Giulia Interesse Reading Time: 6 minutes

Shanghai requires companies in the telecom and internet sector to establish a Chief Data Officer (CDO) role per new guidance norms. The CDO system enables the organization to embrace new technologies and leverage data for improved business outcomes. We discuss the role of the CDO in an organization, Shanghai’s latest reporting requirements, and the evolution of the CDO system in China.


 The Shanghai Communications Administration released its Guidance for the Establishment of the Chief Data Officer System in the Telecom and Internet Industries in Shanghai (hereinafter referred to as “Guidance”) on June 6, 2023.

By introducing a Chief Data Officer (CDO) system, the Shanghai Communications Administration aims to strengthen data governance and enhance strategic decision-making in these industries. It is yet another important step towards promoting data security, privacy, and effective data management in the rapidly changing telecom and internet landscape.

Below we discuss key aspects of how the CDO system is expected to function, including role responsibilities and relevance to China’s overall data governance and oversight of the telecom and internet sector.

What is a CDO and what do they do?

A chief digital officer (CDO) is an executive responsible for guiding an organization in leveraging digital technologies and data to drive business value. They play a crucial role in leading the digital transformation efforts of a company, helping it adapt to the changing digital landscape.

This involves overseeing the implementation of digital strategies and initiatives that utilize technologies like cloud computing, artificial intelligence (AI), machine learning, automation, the Internet of Things (IoT), mobile applications, and social media.

The CDO is responsible for driving digital innovation and ensuring that the company’s technology architecture, business processes, products, roles, job descriptions, and corporate culture align with the digital transformation goals. They provide strategic leadership and manage the organizational change required to successfully transition to a data-centric business model.

The CDO role emerged around 2010, as companies recognized the need to develop digital strategies to meet changing consumer expectations and stay competitive.

However, amid rapid changes in technology application, the responsibilities associated with the CDO position are expanding. As technologies like AI and robotics redefine customer experiences and business operations, the CDO plays a critical role in leveraging these advancements to drive business growth and success.

Establishment of the CDO system in Shanghai

The Guidance document provides clarity on several details regarding the establishment of the CDO system for Shanghai companies in the telecom and Internet industries. These include:

  • Position of the CDO in the management hierarchy: The CDO must hold a senior management position within the enterprise, responsible for data governance. Their role involves implementing strategic data initiatives, approving overall data security strategies, and coordinating resources for data development and security. Additionally, the CDO promotes data integration, strengthens the market for data elements, and ensures the orderly implementation of data security measures.
  • Organizational structure: A well-defined structure with clear responsibilities is essential for an effective CDO system. This includes developing policies, regulations, and standards for data security and utilization, clarifying data ownership, establishing security technology architectures, and enhancing data governance assessment mechanisms.
  • Dedicated positions: The company should assign dedicated positions responsible for data processing, circulation, and utilization. These positions handle communication, coordination, and daily liaison work related to data. Furthermore, additional positions support data collection, management, and operations, assisting business unit heads in planning and designing application scenarios.
  • Internal support: All internal departments must provide full support to the CDO and their management organization, ensuring the successful implementation of data management measures.

Responsibilities of the CDO as highlighted in the Guidance

As highlighted in the Guidance, once established, the CDOs in Shanghai telecom and Internet companies will be responsible for the following:

  • Developing data governance strategy: The CDO formulates the enterprise’s data governance strategy, aligning data objectives with business objectives. They monitor market competition, technology trends, and data security advancements, treating data as a strategic asset. The CDO fosters a data asset culture, provides training and education, and enhances data governance awareness among staff members.
  • Optimizing data governance and development: The CDO strengthens communication with government departments, ensuring compliance with laws and regulations while exploring open data strategies. They coordinate data resources, facilitating exchange, sharing, integration, and functional coordination. This leads to cost reduction, efficiency improvement, and market-oriented data element allocation.
  • Enhancing data compliance and security: The CDO ensures compliance with relevant laws and regulations, establishing a robust data security system based on critical and core data protection. They implement mechanisms for data classification, catalog management, and risk assessment, strengthening management and technical capabilities for effective data protection and utilization.

CDO filing mechanism for Shanghai companies

Telecom and Internet companies must implement an enterprise CDO filing mechanism to comply with regulatory requirements. The company must complete the “Enterprise Chief Data Officer Filing Form (Trial),” which can be accessed here.

The form should be signed by the legal representative and stamped with the official seal before being submitted to the Shanghai Municipal Administration of Communications for filing. Any personnel changes or updates should be promptly filed within five working days to ensure accurate and up-to-date information. Key information in the form must include the applicant’s experience and relevant achievements in the field of data governance, and the intended organizational structure of the CDO within the company.

The development of CDO in China

The development of the CDO role in China has gained significant traction in recent years as the country continues to embrace digital transformation and emerging technologies. Several cities in China have recognized the importance of digital leadership and have implemented the CDO position to drive innovation, enhance competitiveness, and accelerate their digital agendas.

In 2021, Guangdong Province took the lead in piloting the CDO system in its government departments and bureaus. This pilot program is the first of its kind in China and aims to explore the role of CDOs, their responsibilities, and their implications for companies. The program included 10 cities at the prefectural level or above, namely Guangzhou, Shenzhen, Zhuhai, Foshan, Shaoguan, Heyuan, Zhongshan, Jiangmen, Maoming, and Zhaoqing.

In the case of Shenzhen, for example, the municipal government released the Pilot Implementation Plan for Chief Data Officer System in Shenzhen on August 9, 2021, outlining the specific implementation details for the CDO system in the city.

These pilot programs exemplify the recognition of the importance of data management and utilization within government departments and bureaus in Guangdong Province, as well as in other cities in China.

China’s efforts to strengthen control of data governance

China’s oversight of data governance in the telecom and Internet industries has been fortified through recent regulatory developments. The Administrative Measures for Data Security for Industry and Information Technology Data (hereinafter referred to as the “Measures”), which came into effect on January 1, 2023, build upon the Data Security Law (DSL) implemented on September 1, 2021. These measures entrust data security supervision in the industry and telecommunications sector to the Ministry of Industry and Information Technology (MIIT).

Introduced by MIIT, the Measures establish a robust framework for data security regulations, providing clarity on their scope of application and outlining the security measures that industry and information technology sector data controllers must adhere to.

The Measures encompass industry and information technology data, which is further classified into the following three categories:

  • Industry data: Encompasses information generated and collected during various industrial processes, such as research and development, production, operations, and business activities.
  • Telecommunications data: Pertains to operational data from telecommunications businesses.
  • Radio data: Refers to operational data from radio businesses.

Data controllers within the industry and information technology sector, including industrial enterprises, software and information technology service enterprises, licensed telecommunication business operators, radio frequency and station users, and other relevant entities, are subject to these Measures.

Moreover, data is classified into different types based on industry requirements, business needs, data sources, and uses. The Measures also introduce a grading system, categorizing data into three levels: general, important, and core data. The grading is determined by the potential harm to national security, public interests, or the legitimate rights and interests of individuals and organizations if the data is tampered with, destroyed, disclosed, or unlawfully acquired or used. While the Measures establish the basic conditions for each level, further clarification is needed to establish precise data grading standards.

These regulatory developments exemplify China’s commitment to enhancing data security, privacy, and effective data management in the telecom and Internet industries.

In conjunction with the recently introduced CDO system outlined in the Guidance from the Shanghai Communications Administration, the government aims to further fortify data governance and strategic decision-making in these sectors, aligning with the broader framework of data security regulations in the country.

Implications for foreign companies in China

In summary, there are prospects for the professional services sector in specialized roles.

Once the CDO pilot program is finalized, it may expand to other regions as well as state-owned companies and public service units like schools. The appointment of CDOs will become more common. As a result, there will be a high demand for professionals who can support CDOs or provide outsourced services through professional agencies.

Furthermore, considering the importance of data utilization in supporting company operations and the growing complexity of compliance requirements, we encourage companies to adopt the CDO system to enhance data utilization and protection and align with the government’s priorities on data management.

About Us

China Briefing is written and produced by Dezan Shira & Associates. The practice assists foreign investors into China and has done so since 1992 through offices in Beijing, Tianjin, Dalian, Qingdao, Shanghai, Hangzhou, Ningbo, Suzhou, Guangzhou, Dongguan, Zhongshan, Shenzhen, and Hong Kong. Please contact the firm for assistance in China at china@dezshira.com.

Dezan Shira & Associates has offices in Vietnam, Indonesia, Singapore, United States, Germany, Italy, India, and Russia, in addition to our trade research facilities along the Belt & Road Initiative. We also have partner firms assisting foreign investors in The Philippines, Malaysia, Thailand, Bangladesh.