Description

Issued Cyberspace Administration compliance guidelines for cross-border data transfers

On 19 November 2024, the Cyberspace Administration of China (CAC) issued guidelines for compliance with regulations on cross-border data transfers. These guidelines are based on Article 37 of the Cybersecurity Law, Article 31 of the Data Security Law, and Article 38 of the Personal Information Protection Law. The CAC noted that these regulations aim to balance data security with business needs and produced these guidelines to aid compliance. Article 37 of the Cybersecurity Law stipulates that personal information and sensitive data collected by operators of critical information infrastructure during domestic operations must be stored within China. If a cross-border data transfer is necessary for business purposes, a security assessment must be conducted. Article 31 of the Data Security Law emphasises the protection and classification of important data across industries and organizations, with the National Data Security Coordination Mechanism defining what is classified as important data. Article 38 of the Personal Information Protection Law governs personal information, including sensitive personal information. It states that cross-border transfers are permitted if the businesses pass the security assessment defined in the Cybersecurity Law, obtain a personal information protection certification through a professional institution approved by the CAC, or sign a standard contract provided by the CAC with the overseas recipient.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cross-border data transfer regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2024-11-19
adopted

On 19 November 2024, the Cyberspace Administration of China (CAC) issued guidelines for compliance …

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.