A personal information handler that truly needs to provide personal information for a party outside the territory of the People’s Republic of China for business sake or other reasons, shall meet one of the following requirements:
- passing the security assessment organized by the national cyberspace department in accordance with Article 40 of this Law;
- obtaining personal information protection certification from the relevant specialized institution according to the provisions issued by the national cyberspace department;
- concluding a contract stipulating both parties’ rights and obligations with the overseas recipient in accordance with the standard contract formulated by the national cyberspace department; and
- meeting other conditions set forth by laws and administrative regulations and by the national cyberspace department.
Where an international treaty or agreement that the People’s Republic of China has concluded or acceded to stipulates conditions for providing personal information for a party outside the territory of the People’s Republic of China, such stipulations may be followed.
The personal information handler shall take necessary measures to ensure that the personal information handling activities of the overseas recipient meet the personal information protection standards set forth in this Law.
- Certain transfers requiring security assessment
- Approval needed for transfers to foreign authorities
- List of restricted overseas recipients
- Consent for cross-border transfers
- Impact assessment required for cross-border transfers
Relevant PIPL Compliance Documents
(Subscription Services Required)
- 2023 PIPL Standard Contractual Clauses (SCCs) template
- PIPL SCCs Power of Attorney template
- PIPL SCCs Letter of Commitment template
- Cross-border transfer PIPL impact assessment template
- 2023 Measures for the Standard Contract for the Outbound Transfer of Personal Information
- 2023 PIPL SCC Filing Guidelines
- 2021 Outbound Data Transfer Security Assessment Measures
- 2022 Guidelines for Application of Data Exit Security Evaluation (First Edition)
- 2017 IT Guidelines for Cross-border Data Transfer