Transferring Data from China to Other Countries Could Become Costly & Difficult



Digest | 文摘

To comply with the Measures for the Security Assessment of Outbound Data Transfers (the “Measures”; effective September 1, 2022), which was formulated by the Cyberspace Administration of China (the “CAC”) in accordance with the country’s Cybersecurity Law, Data Security Law, and Personal Information Protection Law, any “data processor” planning to transfer to another country “important data” or “personal information” collected and generated during the data processor’s operations within the territory of China must go through a security assessment process as provided in the Measures.  Failure to comply with the Measures could lead to criminal liability.

The security assessment process mainly involves the submission of various “declaration materials” by data processors to the CAC through its provincial offices.  The assessment conducted by the CAC may go beyond the time limits stated in the Measures “if the situation is complicated or materials need to be supplemented or corrected”.  In addition, the result of passing the security assessment for outbound data transfers is valid for only two years.

How will this security assessment process impact the operations of foreign companies in China?  Are there any practical insights that can be shared to enable data processors to go through the process fairly smoothly?

要遵守中国国家互联网信息办公室根据《网络安全法》、《数据安全法》和《个人信息保护法》制定的《数据出境安全评估办法》(“《办法》”;自2022年9月1日起施行) ,任何拟将在中国境内运营中收集和产生的“重要数据”或“个人信息”出境至其他国家的“数据处理者”必须按照《办法》的规定通过安全评估。不遵守《办法》可能会导致刑事责任。



This piece was contributed by Yu Liu and edited by SINOTALKS.COM.

* 此文章由刘玉提供,并由丝络谈™编辑。