Measures for the Security Assessment of Cross-Border Data Transfer (hereinafter referred to as “the Measure") was approved at the 10th executive meeting of the Cybersecurity Administration of China on May 19, 2022, and would come into effect on September 1, 2022. The Measure is an important measure to implement the provisions of the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law on cross-border data transfer, with the purpose of further regulating cross-border data transfer activities, protecting personal information rights and interests, safeguarding national security and social public interests, and promoting the security and freedom in cross-border data transfer.

The Measure specifies the conditions, processes and requirements for data processors to apply for cross-border data transfer security assessment, as well as the key contents of the assessment. As China’s first officially released regulation on cross-border data transfer, the Measure will certainly have significant impacts on cross-border data transfer activities of enterprises.

From the perspective of compliance of general business organizations, this article would like to summarize the key points proposed for cross-border data transfer security assessment, provide critical compliance roadmap on cross-border data transfer, and also explore the effective path for enterprises to implement cross-border data transfer management activities in a systematic and integrated way in the digital economy era.