A Practical Guide: How to make China’s SCC work for your business
Title: A Practical Guide: How to make China’s SCC work for your business
Author: Peng Cai
Law firm: Zhong Lun
Article 38 of the Personal Information Protection Law stipulates four compliance paths for cross-border transfer of personal information, namely: (1) passing the security assessment organized by the Cyberspace Administration of China (the “CAC”); (2) obtaining the protection certification by a specialized agency; (3) entering into a standard contract formulated by the CAC; and (4) meeting other conditions set forth by laws and administrative regulations and by the CAC.
On 24 February 2023, the CAC issued the Measures for Standard Contract for Cross-border Transfer of Personal Information, which officially announced the implementation of the third path of the “four paths” for cross-border transfer of personal information.
This article analyses the key elements of the Standard Contract for Cross-border Transfer of Personal Information, with the aim of assisting relevant enterprises in carrying out compliance work on cross-border data transfer.