China: Closed consultation on Measures for the Administration of Data Security in the Business Field of the People's Bank of China including cross-border data transfer

On 24 August 2023, the public consultation closed on the People's Bank of China (PBC) 's Measures for the Administration of Data Security in the Business Field of the People's Bank of China, including cross-border data regulation. The Measures specify that entities processing data have to adhere to state Internet information department provisions when transferring data overseas. The Measures specify that entities are required to conduct and submit a security assessment for data export and prohibit intentional data splitting to avoid conducting security assessments. Furthermore, entities must also maintain records of the scale and scope of data exported abroad, as well as related self-assessment reports and security assessment declarations for the validity period. Finally, the entities are prohibited from sharing data stored in China with International Organizations and Foreign Financial Regulatory Departments without the approval of PBC and other relevant competent departments.