On December 16, 2022, SAC/TC260 (Information Security) issued the Guideline for the Cybersecurity Standard - Security Certification Specification for Cross-border Processing Activities of Personal Information V2.0 (hereinafter referred to as “the Guideline”). Comparing with V1.0 released in June of 2022, this document has made certain changes in aspects such as certification subject, terminology, basic principles and basic requirements. 
The key contents of the Guideline is summarized as followed:

·   Personal information processors who carry out cross-border processing activities shall conform to the requirements of GB/T35273 Information security technology - Personal information security specification and this document when applying for personal information protective certification.

·   When carrying out cross-border processing for personal information, requirements are proposed from the perspective of basic principles, information protection that are supposed to be adhered by personal information processors and overseas recipients, and the body rights guarantee of personal information. The guideline provides reference for the certification of personal information cross-border processing activities carried out by the relevant processors from the certification authorities. These requirements also serve as a reference to regulate the activities of personal information processors.

If you need more information or have any question on the topic, please contact: assistant@bestao-consulting.com