![]() If consent is being used as the legal basis for the transfer of personal information outside of China, then it is important to obtain it from the data subject or their parent or guardian if the data subject is under 14 years of age. In addition to this, the principle of data minimization should be followed while sharing personal information with recipients abroad. ![]() When handling personal information, data exporters must comply with relevant laws and regulations. Additionally, it lays down a number of responsibilities for the data exporters, processors and overseas recipients. The overseas recipient may have additional conditions for the transfer of personal information, but these conditions should not be in conflict with the “Model Contract”. Organizational Responsibilities under SCCs RegulationsĪrticle 6 of the SCCs stipulates that the standard contract must strictly be in accordance with the Model Standard Contract for Personal Information Exit (“Model Contract”) provided in the Annexure of SCCs Regulations. ![]() This would help assess the mechanisms under the regulatory or legal framework in the recipient country/region for the protection of personal information. Additionally, the organization and the recipient must take into account the policies, rules and regulations of the region the overseas recipient is located and if the recipient is part of any global or regional organization in relation to personal data protection. If previously any cross-border transfer took place with the same recipient, must make a note of any security incidents that occurred. Before the transfer of personal information belonging to a data subject outside of China, both data exporter and overseas recipients must ensure that they have assessed the type, scope, sensitivity or personal information and the scale and frequency of transfer. The personal information exit activities will only be carried out once the standard contract has been concluded between the data exporter and the overseas recipient. If the organizations/data exporters process the personal information of more than 1 million individuals or send personal information or sensitive personal information of more than 100,000 or 10,000 individuals respectively, then Assessment Measures must be adopted. It is important to note that organizations exporting the data (“data exporter”) are not allowed to segment/split the data volume to avoid the security assessment conducted by the CAC by concluding standard contracts. If less than 10,000 sensitive personal information has been provided abroad from January 1 of the previous year.A total of less than 100,000 personal information has been provided abroad from January 1 of the previous year.Processing personal information of less than 1 million people.Non-critical information infrastructure operators.Personal information exit activities can only be carried out after the standard contract takes effect and therefore, organizations/data exporters must adopt standard contracts as per the SCCs Regulations.īusinesses adopting the standard contracts must fulfill all of the following criteria: In particular, these regulations outline the terms, conditions, and filing requirements of standard contracts, present a sample standard contract, and provide comprehensive guidelines for the transfer of personal information abroad. ![]() The SCC Regulations control the export of personal information from China to an overseas recipient. To further help with understanding the SCCs, the National Internet Information Office of China also released accompanying FAQ guidance. The SCCs will come into effect on 01 June 2023 and organizations have a 6-month grace period to ensure that their data transfer activities are in compliance with the SCC Regulations. The SCC Measures provide one the mechanisms for the cross-border transfer of personal information alongside Security Assessment Measures (“Assessment Measures”) and Cross-border Certification Guidelines (“Certification Guidelines”) as stipulated by Article 38 of Personal Information Protection Law (PIPL) of China. The National Internet Information Office of China issued the Measures for Standard Contracts for the Exit (Export) of Personal Information (“SCCs Regulations or SCCs”) on 24th February 2023. To stay compliant with regulations and protect their data from cyber threats, they must stay on top of the most recent advancements. Organizations of all sizes face major problems as a result of the continuously evolving data protection landscape. As a result, new laws, rules, and technologies are fast emerging to solve these issues, changing the data protection environment. The threats and difficulties posed by protecting it are increasing at an unprecedented rate, along with the volume of data being produced and exchanged. Data protection has emerged as a crucial concern for individuals, companies, and governments alike in today's increasingly digital world.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |