The coming into effect of the Measures for the Security Assessment of Outbound Data Transfers (the “Measures”) on September 1 is expected to trigger a series of security assessments conducted by the Cyberspace Administration of China (the “CAC”). Any “data processor” planning to transfer to another country “important data” collected and generated inside China is required to pass the CAC’s security assessment. If the CAC decides against the data processor, can the CAC’s decision be challenged in court?
How will the security assessment process stated in the Measures for the Security Assessment of Outbound Data Transfers impact the operations of foreign companies in China? Are there any practical insights that can be shared to enable data processors to go through the process fairly smoothly?