Description

Adopted CAC Guidelines for the Submission of Standard Contracts for the Transmission of Personal Data

On 22 March 2024, the Cyberspace Administration of China (CAC) adopted the Guidelines for the Submission of Standard Contracts for the Transmission of Personal Data. The guidelines provide a structured process for organisations to standardise and file contracts for transferring personal data abroad. Furthermore, it mandates registration for processors meeting specific criteria, prohibits circumvention of security assessments, and outlines a detailed filing procedure. This includes material submission, inspection, feedback, and the necessity for supplements or re-filing in case of changes. In particular, processors must register with local regulatory authorities if they are not critical information infrastructure operators (CIIOs) and if, since 1 January of the given year, they have provided overseas personal information to more than 10’000 but less than one million individuals (excluding sensitive personal information), or if, since 1 January 2024, they have provided less than 10’000 individuals' personal information overseas. Failure to comply with the measures may result in authorities cancelling the registration and imposing potential legal consequences.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cross-border data transfer regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2024-03-22
adopted

On 22 March 2024, the Cyberspace Administration of China (CAC) adopted the Guidelines for the Submi…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.