Members of our Data Privacy, Cybersecurity and Digital Assets team recently hosted a webinar discussing the new requirements needed to export almost ANY personal data from China (except situations where higher obligation applies). This now includes executing a designated Standard Contract with the data recipient, completing a detailed Personal Information Protection Impact Assessment and filing both with the applicable Chinese authority. We also compared the PRC Standard Contract to GDPR Standard Contractual Clauses. During the webinar, an attendee asked, “Who is responsible for writing the impact assessment report?” The answer is: the Data Controller.
For more details, you can watch the webinar and review our written summary of the changes at this link.