Standardized Contract for Personal Data Export from China

The need to protect personal data is growing in China

According to a report by China News Agency (http://m.chinanews.com/wap/detail/zw/cj/2023/02-24/9960284.shtml), the Cyberspace Administration of China announced the "Measures of Standard Contract for Exporting Personal Information Abroad", which has come into force from June 1, 2023. Fang Yu, director of the Internet Law Research Center at the China Information and Communications Research Institute, stated that the introduction of the "Measures" is an important measure for China to promote the cross-border flow of personal information and actively integrate into the global digital economic development trend. The "Measures" respond to the needs of small and medium-sized enterprises for cross-border transfer of personal information, providing legal protection for their cross-border business cooperation while reducing their burden.

The contract terms template referenced commonly used international standards while fully considering the localization of Chinese law, with a focus on international compatibility.

International Standard for Privacy Information Management System

Common international standards for information security and personal data privacy include ISO 27001, ISO 27701, etc. A certified management system indicates that your organization handles risks in a structured manner and is committed to continuous improvement (CIP), making it more resilient to adverse effects. Using this series of standards will help your organization manage the security of assets such as financial information, intellectual property, employee data, or information entrusted to you by third parties. Unlike ISO 27001, the ISO 27701- the management standard for privacy management systems no longer only focuses on "information security," but also on "information security and privacy." In addition, there is more supplemental content for information security itself.

Certification against ISO 27701 can help an organization systematically address the risks associated with the personal data protection regulations, such as GDPR of EU and Personal Information Protection Law of China.

Relevant Services by DQS

• DQS provides accredited ISO 27701 Certification and ISO 27001 Certification services. 
• DQS Academy provides training courses to help customers understand the standards.