Cross-border data transfers affect all organizations that engage online IT services, cloud-based services, remote access services and global HR databases.
Chinese law does not generally address the issue of personal data cross-border transfer. There are a few industry-specific regulations that apply only to limited industries, e.g., banking institutions, credit reference companies, and medical institutions. The Guidelines generally prohibit cross-border transfer of personal information absent the explicit consent of the data subject, though no penalty is prescribed as a violation of the Guidelines.
The Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (《个人信息和重要数据出境安全评估办法(征求意见稿)》, “the Draft Measures”) were published seeking public comment, but nothing has been finalized yet. Once adopted and passed by legislative authority, the Draft Measures will apply to “network operators," which could be broadly interpreted to include anyone who relies on a telecommunications network for the promotion or provision of products or services.
Cybersecurity Law requires “critical information infrastructure” providers to store “personal information” and “important data” within China unless their business requires them to store data overseas and they have passed a security assessment. At this point, it remains unclear what qualifies as “important data,” although its inclusion in the text of the law alongside “personal data” means that it likely refers to non-personal data.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.
