Compare with different regulatory event:
On 1 November 2021, the National People's Congress of the People's Republic of China (NPC) implemented the Personal Information Protection Law (PIPL). It represents China's first comprehensive law in the area of personal information protection. Next to general rules for the handling of personal information, the law includes obligations regarding data transfers in Art. 38-40. In order to provide personal information outside the People’s Republic of China due to business needs, businesses must fulfill the following conditions: (1) Pass the security assessment organized by the Cybersecurity Administration of China in accordance with Art. 40 PIPL; (2) Conduct personal information protection certification by professional institutions in accordance with the regulations of the Cybersecurity Administration of China; (3) Enter into a contract with the overseas recipient in accordance with the standard contract formulated by the Cybersecurity Administration of China, stipulating the rights and obligations of both parties; (4) Other conditions stipulated by laws, administrative regulations or national cyberspace administration departments. Additionally it is set out in Art. 39 PIPL that when a personal information processor provides personal information outside the People’s Republic of China, it shall inform the individual of the name or name of the overseas recipient, contact information, processing purpose, processing method, types of personal information of the overseas recipient.
Original source