China issues regulations on cross-border data flows
BEIJING -- The Cyberspace Administration of China on Friday issued a set of regulations on promoting and standardizing cross-border flows of data, and clarifying declaration standards for the assessment of cross-border data security and scenarios that are exempt from relevant security appraisals.
The regulations stipulate that data processors should identify and declare important data in accordance with relevant provisions. If a data processor has not been notified by relevant government departments or local authorities, or if data has not been publicly released as important data, the data processor does not need to declare its data for security assessment as important data to exit the country.
Critical information infrastructure operators must declare data when providing personal information or important data overseas, according to the regulations.
Data processors who provide important data overseas or have transferred the non-sensitive personal information of over 1 million individuals overseas or the sensitive personal information of over 10,000 individuals since the beginning of a given year must declare the data for security assessment.