China: Closed consultation on revised Security Certification Specifications for Cross-Border Processing of Personal Information

Compare with different regulatory event:

Description

Closed consultation on revised Security Certification Specifications for Cross-Border Processing of Personal Information

On 15 November 2022, the consultation period closed for the revised “Practice Guidelines for Cybersecurity Standards – Technical Specification for the Certification of Cross-Border Processing of Personal Information Activities”. The revised Guidelines implement China’s Personal Information Protection Law and set out basic security principles and legal requirements for cross-border transfers. The Guidelines apply to two types of cross-border transfers, internal cross-border transfers within one multinational company or one business entity, and cross-border transfers by non-Chinese business entities that process information of individuals in Chinese territory and that are subject to the extra-territorial jurisdiction of the Personal Information Protection Law. The Guidelines also establish the basic requirements for personal information protection certifications, which is a voluntary process but recommended by the authorities.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cross-border data transfer regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2022-11-08
in consultation

On 8 November 2022, the Chinese National Information Security Standardisation Technical Committee (…

2022-11-15
processing consultation

On 15 November 2022, the consultation period closed for the revised “Practice Guidelines for Cybers…