With the deepening of globalization and information technology, as well as the vigorous development of the digital economy, cross-border activities of personal information are becoming increasingly frequent, and the demand for cross-border flow of global personal information is also growing rapidly. This has brought new challenges to the export of personal information, and has also sparked increasing attention to personal information security.
In order to protect the rights and interests of personal information, regulate personal information outbound activities, and meet the growing demand for personal information outbound, the Cyberspace Administration of China formulated and passed the Measures for Standard Contracts for Personal Information Outbound (hereinafter referred to as the Measures) on February 24, 2023, which will take effect from June 1, 2023, and reserve a rectification period of six months after the effective date for enterprises, that is, they should complete the rectification before December 1, 2023.
The Measures, in response to the third approach, stipulate the scope of application, conditions for conclusion, and filing requirements of standard contracts for personal information export, clarify the relevant compliance requirements for personal information export in China through the establishment of standard contracts, and stipulate that conducting personal information export activities through the establishment of standard contracts should adhere to the combination of independent contracting and filing management, protection of rights and interests, and risk prevention, Ensure the safe and free flow of personal information across borders.
Its effectiveness has opened up the “third path” for personal information to exit the country, which is of great significance for regulating the cross-border flow of personal information, improving data cross-border management systems, and promoting international cooperation in the field of data.
In the digital economy era, data has become a new type of production factor and social wealth that is constantly shared and utilized, and has become an intangible asset with enormous value for individuals and enterprises. With the introduction of regulations such as the Personal Information Protection Law, Data Security Law, Cybersecurity Law, and Personal Information Exit Standard Contract Measures in China, new requirements have been put forward for the way enterprises process personal and important data. For any situation involving the exit of personal information, enterprises in China must comply with China’s data protection regulations, ensure appropriate security measures and legal basis, And respect the rights and privacy of personal information subjects.
Therefore, for cross-border enterprises and foreign-funded enterprises in China, it is more necessary to clarify legal and regulatory requirements such as data localization, personal information protection, and cross-border data transmission, and pay attention to five key dimensions of IT considerations:
In the practice of Acloudear serving Chinese enterprises going to sea and global enterprises promoting the implementation of SAP projects in China, we also encountered many system scenarios of cross-border data transmission. Based on the customer-centric service concept, to meet the diversified data needs of enterprises while ensuring legal compliance, Acloudear launched the Service pack for Personal Privacy Data Protection of Shared Network PIPL this year.
The Service pack aims at the cross-border transmission of consumer personal information, such as customer name, address, payment information, market research data, etc., for customers’ overseas expansion in new markets, the entry management of personal information, such as name, education, mobile phone, registered residence, health status, etc., for multinational enterprises’ overseas recruitment and employee management, as well as the cross-border transmission, backup, Big data analysis and other data outbound activities of the group’s multi company data, Based on SAP BTP platform, personal information data is encrypted, hidden and replaced in the process of system data processing to achieve Data masking. In addition, data audit, monitoring, identity verification and synchronous management of data cross-border transmission help enterprises to establish transparent and manageable personal data processing processes, protect personal data privacy, protect the security of enterprise data assets, and ensure legal and compliant use, And meet constantly changing personal data protection regulations.
Click to view scheme details:
This article "Data goes to sea and protection is effective: opening the secure path for personal information to exit the country" by AcloudEAR. We focus on business applications such as cloud ERP.
Scanning QR code for more information