On February 14, 2025, the Cyberspace Administration of China (CAC) published the Administrative Measures for Compliance Audits on the Protection of Personal Data, which will come into effect on May 1, 2025. The new regulations apply to all companies in China that process personal data and define clear requirements regarding the frequency of self-assessments as… Continue reading New Regulations for Data Audits
Tag: personal data
Standard contract for data export
On May 30, 2023, the Cyberspace Administration of China (CAC) published a guide for the registration of the Standard Contract for Personal Data Export, which explains the process, materials and results of the registration of the Standard Contract for Personal Data Export and provides some template for the registration of materials. The Standard Contract Measures… Continue reading Standard contract for data export
Cross-Border Data Transfer outside China: Attentive to the Rectification Period
Companies operating in China should be attentive to the Measures on Security Assessment of Cross-Border Data Transfers (Measures), published on July 7, 2022, as they take effect as early as September 1, 2022. Among other things, the Measures require data processors to conduct a security assessment when: 1. Providing critical data outside of China. 2.… Continue reading Cross-Border Data Transfer outside China: Attentive to the Rectification Period
Compliance Requirements for Software Development Kits (SDK)
China continues to regulate the collection of private data in apps. For example, the importance of compliance with software development kits (SDKs) has increased significantly. Since June 2021, the authorities have been cracking down on the illegal use of SDKs in apps with SDK Security Special Actions. A software development kit is a collection of… Continue reading Compliance Requirements for Software Development Kits (SDK)
New Data Exchanges in China
On April 10, 2022, the Chinese government announced to accelerate the construction of the unified domestic market. Part of this is to also establish a data market to promote Big Data applications and AI development, focusing on data security and control of cross-border data transfer. To be allowed to provide data outside China, data processors… Continue reading New Data Exchanges in China
Data Compliance Can Prevent Penalties
Due to the three laws in the field of data – the Cyber Security Law, the Data Security Law and the Personal Information Protection Law – companies in China must set up a complete system to comply with data protection and security regulations. A good data compliance system can avoid warnings from administrative authorities during… Continue reading Data Compliance Can Prevent Penalties
First Tribunal for Data Resources Established
China continues to forge ahead in the development of the digital economy. For example, on May 18, 2022, China’s first professional court to handle cases related to data resources was established – the Data Resource Tribunal of Wenzhou Ouhai District People’s Court. The background: with the development of the digital economy, the production, storage, use… Continue reading First Tribunal for Data Resources Established
New Specifications: IT Security of Apps in China
On November 1, 2022, the national standard GB/T 41391-2022 “Information Security Technology Basic Requirements for Mobile Internet Applications (Apps) Collecting Personal Information,” published in April, will come into force. It applies to all app operators in China and is intended to regulate personal information collection activities. This standard is relevant to all companies that operate… Continue reading New Specifications: IT Security of Apps in China
App Certification in China
There are various certifications in China for protecting personal data in apps. The most important is the App Security Certification of the China Cybersecurity Review Technology and Certification Center (CCRC). It applies to apps of all service types, for example, apps developed and used in the smart home sector. However, there is one important requirement… Continue reading App Certification in China
First Corporate Data Compliance Guideline in China
On January 30, 2022, Shanghai issued the first official Corporate Data Compliance Guideline. The 38-article document guides companies to strengthen their data management in terms of data compliance, identification, assessment and elimination of data risks. The guideline emphasizes that a company’s management is responsible for data compliance and recommends that a dedicated data compliance management… Continue reading First Corporate Data Compliance Guideline in China
China Intellectual Property Blog 