Secretariat of the National Information Security Standardization Technical Committee, Cybersecurity Standard Practice Guidelines: Specifications for the Security Certification of Cross-Border Personal Information Processing Activities V2.0 (Draft for Comments)
全国信息安全标准化技术委员会秘书处网络安全标准实践指南—个人信息跨境处理活动安全认证规范V2.0 (征求意见稿)
November 18, 2022 | BY
Susan MokNew guidelines specify legal liability of personal information processor and the foreign data recipient.
Issued: November 8, 2022
Main contents: Both the personal information processor and the foreign (here and hereafter, meaning outside of mainland China) recipient shall undertake to bear legal liability for the infringement of rights and interests in personal information, and where the legal liability is not clear cut, it is borne by the personal information processor (Article 5.1(j)).
Both a personal information processor that engages in cross-border personal information processing activities and the foreign recipient shall conduct regular compliance audits of the compliance of its processing of personal information with the laws and administrative regulations of the People's Republic of China and submit to monitoring of its cross-border personal information processing activities by the certification institution, including responding to questions and cooperating in inspections (Article 5.2.2(e)).
This premium content is reserved for
China Law & Practice Subscribers.
A Premium Subscription Provides:
- A database of over 3,000 essential documents including key PRC legislation translated into English
- A choice of newsletters to alert you to changes affecting your business including sector specific updates
- Premium access to the mobile optimized site for timely analysis that guides you through China's ever-changing business environment
Already a subscriber? Log In Now