On October 29,2021, in a giant move, the Cyberspace Administration of China (CAC) issued new guidelines for companies who handle data of more than 1 million persons.
The rules issued will affect not only Chinese companies but also Multinational companies that have their offices in China.
The new rules will now mandate that any company handling ‘sensitive’ and personal information of Chinese individuals seeking to send the information outside China, must undergo security checks devised by the CAC.
The order issued on Friday also details the list of documents that companies will need to provide the government with. The CAC could take upto 45 days to perform and review their checks and in special circumstances upto 60 days. The certification provided post the check will only be valid for 2 years or unless there are “changes in the legal environment of the country or region” the data is being sent to.
he measure has been taken to safeguard Chinese data as it has previously defined what is “core” data of the country that needs to be protected.
The rules however are still a draft open to public comments till November 28 post which they will most likely be adopted without any changes.