China: National Cybersecurity Standardisation Technical Committee closes consultation on guide on cross-border processing protection requirements for personal information in the Guangdong–Hong Kong–Macao Greater Bay Area (Mainland and Macao)

On 5 January 2026, the National Cybersecurity Standardisation Technical Committee closes the public consultation, which had been open since 22 December 2025, on the Cybersecurity Standards Practice Guide on cross-border processing protection requirements for personal information in the Guangdong–Hong Kong–Macao Greater Bay Area (Mainland and Macao). The consultation concerned technical guidance on the protection of personal information in cross-border processing between Mainland China and the Macao Special Administrative Region within the Guangdong–Hong Kong–Macao Greater Bay Area. It was aligned with the Personal Information Protection Law of the People’s Republic of China, the Data Security Law of the People’s Republic of China, and the Personal Data Protection Law of the Macao Special Administrative Region. The scope included definitions, processing principles, lawful bases, collection and retention requirements, entrusted processing and disclosure, cross-border transfer and reception arrangements, security safeguards and governance, incident response, and the protection of personal information rights.