Submit Inquiry

Submit Inquiry
Back

Movate is compliant with China cross-border data transfer regulations  

China's Standard Contract for Outbound Personal Information

Movate has successfully achieved compliance with China’s Cross-Border Data Flow Regulations. This compliance is with the Provisions on Promoting and Regulating Cross-Border Data Flows and is a significant achievement reflecting our unwavering commitment to upholding the highest standards of cybersecurity and data protection in China. 

In accordance with the Personal Information Protection Law of the People’s Republic of China and the Standard Contract for Outbound Personal Information, Movate (Dalian) Technical Services Co., Ltd. has undergone regulatory review and received approval for its Standard Contract for Outbound Personal Information. This contract, signed with Movate Technologies Private Limited on March 24, 2025, reinforces our dedication to lawful and secure data transfer practices. 

China’s Cross-Border Data Transfer (hereinafter referred to as “CBDT”) policy is a crucial aspect of the China data governance framework. The Cybersecurity Administration of China (CAC) announced a new rule to regulate cross-border data transfer on March 22, 2024.

The highlights include: 

  • Regulatory oversight will focus on outbound transfer of personal information of data subjects that reside in China and important data.   
  • The CAC renounced the catalogue-based approach to define “important data”.  Controllers of important data will be notified by authorities on a case-by-case basis. 
  • Outbound transfer of bulk personal information will require a security review  

The restrictions and potential regulatory approaches set by China’s CBDT policy vary based on the direction of data flow, the type of data, and the type of foreign recipient. 

Impact of China’s Cross Border Data Transfer 

China’s Cybersecurity Law (“CSL”), Personal Information Protection Law (“PIPL”) and Data Security Law (“DSL”) set a series of rules and requirements for the cross-border transfer of personal information located in China. These rules and requirements have strong impacts on the business activities of companies operating in or investing in China, for businesses operating in China or processing PI collected or generated from China, it is necessary to be comply with China’s CBDT policy and adapt to its changes, as this helps to reduce compliance risks and costs. 

Movate complies with provisions on promoting and regulating cross-border data flows 

Movate worked with third party auditing firm to complete the requirements to achieve compliance. The foreign recipients/checklist captures all of the Movate’s systems both internal and external of China related data where stored, processed or transmitted. Detailed evaluation has been performed on multiple internal applications and portals. Movate signed standard contract for outbound transfer of personal information. 

The infosec team at Movate (The GRC team) has put lot of efforts in this compliance work. The team has been instrumental in creating a robust framework that not only protects our data but also instils confidence in our clients. Movate has set the benchmark for excellence and continuous improvement. 

CAC certification: Implications for customers 

This compliance means enhanced data security, customer confidence and compliance with local regulations. 

  • Enhanced Data Security: Our customers can trust that their data is protected with the highest standards of cybersecurity and data protection. 
  • Increased Confidence: Our CAC certification gives our customers increased confidence in our ability to handle their data securely. 
  • Compliance: This means compliance with Chinese regulations, ensuring a smooth and efficient business process. 

Cybersecurity excellence, competitive edge &  global standards 

This compliance has significant implications for Movate in China. 

  • Global recognition: Our CAC certification demonstrates our ability to meet international standards and regulations. 
  • Competitive advantage: We have a competitive advantage in the Chinese market, setting us apart from non-certified competitors. 
  • Continuous improvement: Movate’s commitment to CAC certification reflects our dedication to continuous improvement and cybersecurity excellence. 

For further information on China Data privacy Regulations or other assessments, reach out to infosec.team@movate.com or Karthikeyan.Chandrasekaran@movate.com  

Karthikeyan C [CISA CISM CRISC CLIP] ,
AVP – Head Information Security (GRC)

At Movate, Karthikeyan is responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats. He brings more than 20 years of experience in various facets of information security, risk management, security audits, compliance, tech operations, inside and outside connectivity and more. He is a certified professional holding certifications such as CISA, CISM, CRISC, and CLIP. LinkedIn.

Contact Karthikeyan at karthikeyan.chandrasekaran@movate.com