As noted in our previous post, the final form of the Data Export Security Assessment Measures (Measures) was released by the Cyberspace Administration of China (CAC) on 7 July 2022 and will take effect from 1 September 2022. A six-month rectification period is granted to in-scope data exports conducted before the Measures take effect. Analysis of the application of the Measures to a business’s data storage strategy is critical, as the Measures finally provide definitive triggers for China’s data localisation and security assessment requirements.

For a business whose processing hits one of the triggers laid out in the Measures, knowing the process of how and when to conduct an outbound data risk self-assessment plus a CAC-led security assessment will be of great importance.

We set out below a diagrammatic flow chart of the application process, aiming to help businesses navigate the regulatory regime.


With the Measures going live in about one month, together with other fluid regulatory updates in respect of China’s standard contract and certification regime for outbound transfers of personal information, businesses in the Chinese market will need to complete their comprehensive data protection examinations and assess which data transfer mechanisms they can rely on. We are here to help!

(Many thanks to Dylan Wu for his input on the flow chart!)