2022年7月7日,国家互联网信息办公室(“网信办”)发布《数据出境安全评估办法》,自2022年9月1日起施行。《出境评估办法》规定了应当申报数据出境安全评估的情形并提出了数据出境安全评估的具体要求。
On 7 July 2022, the Cyberspace Administration of China (CAC) issued the “Measures for Cross-border Data Transfer Security Assessment” (the “Security Assessment Measures”), effective from 1 September 2022. The Security Assessment Measures specify the circumstances under which a cross-border data transfer security assessment (the “Security Assessment”) shall be declared, and proposes specific requirements for the Security Assessment.
2022年11月4日,国家互联网信息办公室发布《关于实施个人信息保护认证的公告》,自2022年11月4日起施行。《公告》明确了个人信息保护认证的实施细则,其中规定认证的依据为GB/T 35273《信息安全技术 个人信息安全规范》,对于开展跨境处理活动的个人信息处理者,还应当符合TC260-PG-20222A《个人信息跨境处理活动安全认证规范》的要求。
On 4 November 2022, the CAC issued the “Announcement on the Implementation of Personal Information Protection Certification” (the “Announcement”), effective from 4 November 2022. The Announcement specifies the implementation rules for personal information protection certification, which requires personal information processors to comply with GB/T 35273 “Information Security Technology Personal Information Security Specification”. Processors engaged in cross-border processing activities shall also comply with the requirements of TC260-PG-20222A “Security Certification Specification for Personal Information Cross-border Processing Activities” (the “Certification Specification”).
2023年2月24日,国家互联网信息办公室发布《个人信息出境标准合同办法》及其附件《个人信息出境标准合同》,自2023年6月1日起施行。
On 24 February 2023, the CAC issued “Measures for Standard Contracts for Cross-border Transfer of Personal Information” (the “Measures for Standard Contract”) and the “Personal Information Cross-border Transfer Standard Contract” (the “Standard Contract”), effective from 1 June 2023.
展开全文
至此,个人信息出境三大合规路径具已明确。本文基于新近出台的《个人信息出境标准合同办法》及相关适用要求,结合毕马威个人信息保护管理服务实践经验,期待为企业合理应对数据出境合规要求,开展个人信息保护管理和影响评估工作提供建议和参考。
With that, the three compliance paths for cross-border transfer of personal information have been defined. Starting with the new regulation “Measures for Standard Contracts for Cross-border Transfer of Personal Information” and relevant applicable requirements, and leveraging our service experience of personal information protection management, KPMG prepared this publication to provide insights and recommendations about how companies can adequately address cross-border data transfer compliance requirements and how companies should effectively implement personal information protection management and impact assessment, for companies’ considerations and references.
本文内容仅供一般参考用,并非针对任何个人或团体的个别或特定情况而提供。虽然我们已致力提供准确和及时的资料,但我们不能保证这些资料在阁下收取时或日后仍然准确。任何人士不应在没有详细考虑相关的情况及获取适当的专业意见下依据所载内容行事。本文所有提供的内容均不应被视为正式的审计、会计或法律建议。
©2023毕马威华振会计师事务所(特殊普通合伙)、毕马威企业咨询(中国)有限公司及毕马威会计师事务所,均是与英国私营担保有限公司— 毕马威国际有限公司(“毕马威国际”)相关联。毕马威国际不提供任何客户服务。各成员所均为各自独立的法律主体,其对自身描述亦是如此。毕马威华振会计师事务所(特殊普通合伙) — 中国合伙制会计师事务所;毕马威企业咨询 (中国) 有限公司 — 中国有限责任公司;毕马威会计师事务所 — 香港合伙制事务所。版权所有,不得转载。毕马威的名称和标识均属于毕马威国际的商标或注册商标。
特别声明
本文仅代表作者观点,不代表本站立场,本站仅提供信息存储服务。