China's PIPL: Latest developments in the evolving cross-border data transfer regime

Following China’s Personal Information Protection Law (PIPL) taking effect last year, 2022 has seen significant legislative developments under the PIPL. In particular, the Cyberspace Administration of China (CAC) and other authorities have released three documents elaborating on the cross-border transfer mechanisms specified under the PIPL regarding the security assessment, obtaining certification and the standard contractual clauses.

The CAC issued detailed guidelines for the security assessment application on August 31, 2022 and subsequently the Measures for Security Assessment of Cross-border Data Transfers came into effect on September 1, 2022. The requirements for security assessment are now clear, so organizations that will likely be subject to the security assessment route should be acting to ensure their data practise is compliant with the regulations.

Please join us for a discussion regarding these developments including a comprehensive look at the requirements of the new security assessment alongside practical actions businesses need to implement to ensure adherence with the latest requirements.