China: Security Certification Specifications for Cross-Border Processing of Personal Information implemented

On 24 June 2022, China's National Information Security Standardization Technical Committee adopted the “Practice Guidelines for Cyber Security Standards - Security Certification Specifications for Cross-Border Processing of Personal Information”. The guidelines implement the Personal Information Protection Law and outline security principles and legal requirements for the cross-border transfer of personal data. In particular, companies transferring personal data are required to sign legally binding contracts with the foreign recipient or data processor, outlining their obligations to implement security measures to protect the data subject's rights and comply with the relevant Chinese laws. Finally, the guidelines list the rights of data subjects, organizational management requirements and rules for conducting an impact assessment of data protections in foreign countries.