Measures of Data Cross-Border Transfer Security Assessment Published
Cyberspace Administration of China (“CAC”)
September 1 2022
On July 7 2022, the Cyberspace Administration of China (“CAC”) issued an order which promulgated the Measures of Data Cross-Border Transfer Security Assessment (the “Measures”). The Measures will take effect on September 1 2022.
The Measures apply to the security assessment of key data and personal information collected and generated during operation within the territory of the People’s Republic of China and transferred abroad by a data processor.
The Measures also stipulate that under certain circumstances, the data processors who transfer data abroad shall apply to the CAC for security assessment for the outbound data transfer through the provincial cyberspace administration.
The Measures put forward specific requirements for the data cross-border transfer security assessment, highlighting the assessment’s key components. The Measures also stipulate that data processors shall conduct risk self-assessments.