Today, we are joined by Dimitri Phillips, Counsel from the PrivacyRules exclusive law firm member in China, DaHui Lawyers. In this privacyespresso episode, Dimitri shares his expertise on data protection, privacy and the TMT industry to shed light on the recent changes made by the Chinese regulators on data transfer.
The Chinese data regulator has, indeed, simplified the transfer of personal information (PI) and sensitive personal information (SPI) for international companies operating in China. Previously, stringent requirements mandated security assessments or standard contracts for data transfers, impacting various aspects like human resources and international customer dealings. However, recent changes exempt certain PI transfers from these requirements, streamlining processes, particularly for HR management data. While basic data processing requirements like obtaining consent from data subjects remain unaffected, specific situations of data transfer, particularly involving PI, now no longer necessitate security assessments or standard contracts.
This shift signifies a substantial easing of regulatory measures, also with certain thresholds for security assessments being increased and time periods reduced. These adjustments allow more companies to transfer data out of China without extensive regulatory burdens. Despite these changes, data regulation remains a growing concern globally, with countries continuously issuing new regulations. While the recent easing of PRC regulations is promising for international business operations in China, it’s essential to recognize that data regulation complexities remain, and further changes may occur in the future.
Nonetheless, these developments signal a positive direction for facilitating international business operations in China amidst evolving data regulatory landscapes.
🎙️ Listen to the podcast episode here: https://bit.ly/3JUrP9z