Outbound Personal Information Transfer Is Better Regulated – A Brief Analysis of Regulations on Standard Contract for Cross-Border Transfer of Personal Information (Exposure) and Security Certification Procedures for Cross-Border Handling Activities of Personal Information

(By Wang Hongliang) Many businesses are perplexed by the practical problem about outbound personal information transfer compliance, especially for foreign-inveested businesses that need to provide personal information abroad in many scenarios, for example when they have to provide personal information to their headquarters or affiliates.

Article 38[1] of the Personal Information Protection Law provides that in addition to other premises, security assessment, personal information protection certification and standard contract are approaches to outbound personal information transfer compliance. According to Article 4[2] of the Measures for Data Outbound Transfer Security Assessment (Exposure), the security assessment mainly applies to the situations when personal information is collected or generated by critical information infrastructure operators, personal information handlers processing personal information of one million people or more transfer personal information abroad or personal information of over 100 thousand people or sensitive personal information of over 10 thousand people is cumulatively transferred abroad.


How will Chinese Regulations on Cross-Border Data Transfers Affect Data Compliance?

(By Gao Tianyi and You Yunting) China’s legal system for dealing with data security and personal information protection standards has been established*, but more detailed rules and standards are in the process of being formulated. This article will mainly discuss the new requirements for, and new changes in, data localization and compliance management regarding cross-border data transfers.

The analysis shows that those who use data from China should keep abreast of changes in policy orientation within the country, in order to avoid potential regulatory risks.