Transferring Data from China to Other Countries Could Become Costly & Difficult†
Digest | 文摘
To comply with the Measures for the Security Assessment of Outbound Data Transfers (the “Measures”; effective September 1, 2022), which was formulated by the Cyberspace Administration of China (the “CAC”) in accordance with the country’s Cybersecurity Law, Data Security Law, and Personal Information Protection Law, any “data processor” planning to transfer to another country “important data” or “personal information” collected and generated during the data processor’s operations within the territory of China must go through a security assessment process as provided in the Measures. Failure to comply with the Measures could lead to criminal liability.
The security assessment process mainly involves the submission of various “declaration materials” by data processors to the CAC through its provincial offices. The assessment conducted by the CAC may go beyond the time limits stated in the Measures “if the situation is complicated or materials need to be supplemented or corrected”. In addition, the result of passing the security assessment for outbound data transfers is valid for only two years.
How will this security assessment process impact the operations of foreign companies in China? Are there any practical insights that can be shared to enable data processors to go through the process fairly smoothly?
† This piece was contributed by Yu Liu and edited by SINOTALKS.COM.
Related Articles | 相关文章
Consultation, Training, & Speaking Engagements
If you need strategic solutions to problems affecting your business/professional activities in China and/or beyond, contact us at email@example.com. We will be delighted to offer our assistance through consultation, customized training, and/or speaking engagements.