the Personal Information Protection: Foreign Bank's Guidance( 三 )


Regardless of transfer methods, the Domestic Branches shall abide by the following provisions of Article 38 of the PIPL:
“Where a personal information processor needs to provide personal information outside the territory of the People's Republic of China for business or other such requirements, it shall meet one of the following conditions:
(1)it shall pass the security assessment organized by the national cyberspace administration in accordance with Article 40 hereof;
(2)it shall be certified by a specialized agency in accordance with the provisions of the national cyberspace administration ;
(3)it shall conclude an agreement with the overseas recipient in accordance with the standard contract formulated by the national cyberspace administration to specify the rights and obligations of both parties;
(4)it shall satisfy other conditions stipulated by laws, administrative regulations or the national cyberspace administration.”
【the Personal Information Protection: Foreign Bank's Guidance】"The security assessment organized by the national cyberspace administration" as mentioned in sub-clause (1) of this provision refers to the requirements on the framework of security assessment, assessment procedures and submission of assessment materials under the Measures for the Security Assessment on Cross-border Transfer of Personal Information (Draft for Comments) issued by the National Cyberspace Administration of the PRC in 2019. The "standard contract formulated by the national cyberspace administration" as mentioned in sub-clause (3) of this provision has not yet been issued so that the overseas financial institutions should remain alert to future developments regarding cross-border personal information transfer.
Furthermore, the Domestic Branches shall comply with the following provisions of Article 39 of the PIPL:
“Where a personal information processor provides personal information to a party outside the PRC, it shall inform the individuals of such matters as the title or name of the overseas recipient, contact information, purpose and method of processing, type of personal information, methods and procedures for the individuals to exercise the rights prescribed herein against the overseas recipient, and shall obtain the individual's separate consent.”
04Compliance Suggestions for Overseas Financial Institutions
The introduction of the PIPL means the protection for individuals’ personal information has been enhanced than ever before in China as well as an increase in compliance risks for overseas financial institutions doing cross-border business in China. We suggest that overseas financial institutions taking the following steps to avoid the relevant risks. Firstly, the overseas financial institutions may remain alert to the new requirements related to the PIPL, update their rules for processing clients’ personal information, and carry out self-examination concerning personal information protection. Secondly, the overseas financial institutions may establish a personal information protection tool to classify and manage General Information and sensitive Information respectively, identify different information processing models, and implement different protection measures. Thirdly, the overseas financial institutions may upgrade their privacy policies by requesting the individual clients in China to sign amended privacy statements, user agreements or other documents of similar nature. Finally, the overseas financial institutions may upgrade the collection models of personal information on their websites and mobile apps to ensure collection of personal information within necessary scopes.

the Personal Information Protection: Foreign Bank's Guidance
文章图片


以上关于本文的内容,仅作参考!温馨提示:如遇专业性较强的问题(如:疾病、健康、理财等),还请咨询专业人士给予相关指导!

「辽宁龙网」www.liaoninglong.com小编还为您精选了以下内容,希望对您有所帮助: