China releases long-awaited data transfer rules
Review your data practices now – China's Cyberspace Administration ("CAC") releases long-awaited rules updates
During the last two weeks, China's Cyberspace Administration (CAC) released two significant updates to its data protection and compliance framework: the final language of the Measures for the Security Assessment of Outbound Data Transfers ("Measures") and the draft Regulations of Standard Contracts for Cross-border Transfer of Personal Information ("SCCRs"). The Measures become effective on 1 September 2022, while the SCCs are still open for public comment until 29 July 2022.
The Measures and the SCCRs are in line with China's years-long push towards creating a coherent, workable compliance framework for companies that need to engage in cross-border data transfers, but have been waiting for regulators to provide guidance on how they can do so in a legally compliant manner. Below are brief primers on both.