China: National Cybersecurity Standardisation Technical Committee opened consultation on guide on cross-border processing protection requirements for personal information in the Guangdong–Hong Kong–Macao Greater Bay Area (Mainland and Macao)

On 22 December 2025, the National Cybersecurity Standardisation Technical Committee opened a public consultation, until 5 January 2026, on the Cybersecurity Standards Practice Guide on cross-border processing protection requirements for personal information in the Guangdong–Hong Kong–Macao Greater Bay Area (Mainland and Macao). The guide provides technical guidance on safeguarding personal information during cross-border processing between Mainland China and the Macao Special Administrative Region within the Guangdong–Hong Kong–Macao Greater Bay Area. It is based on the Personal Information Protection Law of the People’s Republic of China, the Data Security Law of the People’s Republic of China, and the Personal Data Protection Law of the Macao Special Administrative Region. The consultation addresses scope and terminology, processing principles, legal bases, collection and retention, entrusted processing and disclosure, cross-border transfer and reception, security and governance measures, incident handling, and the protection of personal information rights.