Hong Kong: PCPD issues guidance on cross-border data transfers under PIPL

On 29 December 2021, the Hong Kong Privacy Commissioner for Personal Data (PCPD) has published an article containing guidance for Hong Kong-based companies operating under mainland jurisdiction regarding cross-border data transfers under mainland China's Personal Information Protection Law (PIPL). The article points out the legal requirements of cross-border data transfers (consent, security and impact assessment, certification, data transfer contract), additional requirements for certain categories of data processors such as processors of critical information and applicable sanctions for breaches of the PIPL. Finally, violations of the PIPL are sanctioned with fines of either RMB 50 million or 5% of the previous year's turnover.