Compare with different regulatory event:
On 20 August 2021, the National People's Congress of the People's Republic of China (NPC) announced the adoption of the Personal Information Protection Law (PIPL) through an order by Xi Jinping, the President of the People's Republic of China. It represents China's first comprehensive law in the area of personal information protection. Next to general rules for the handling of personal information, the law includes obligations regarding data transfer in Art. 38-40. In order to provide personal information outside the People’s Republic of China due to business needs, one of the following conditions shall be met: (1) Pass the security assessment organized by the Cybersecurity Administration of China in accordance with Art. 40 PIPL; (2) Conduct personal information protection certification by professional institutions in accordance with the regulations of the Cybersecurity Administration of China; (3) Enter into a contract with the overseas recipient in accordance with the standard contract formulated by the Cybersecurity Administration of China, stipulating the rights and obligations of both parties; (4) Other conditions stipulated by laws, administrative regulations or national cyberspace administration departments. Additionally, it is set out in Art. 39 PIPL that when a personal information processor provides personal information outside the People’s Republic of China, it shall inform the individual of the name or name of the overseas recipient, contact information, processing purpose, processing method, types of personal information of the overseas recipient. The PIPL will come into effect on 1 November 2021.
Original source