On November 21, the State Administration for Market Regulation (SAMR) and the Cyberspace Administration of China (CAC) jointly issued the Rules for the Implementation of Personal Information Protection Certification (the "Rules"), and simultaneously issued an announcement to clarify relevant matters.

The announcement states that, the SAMR and CAC will implement personal information protection certification, to encourage personal information processors to improve their personal information protection capabilities through certification. Certification bodies engaged in personal information protection certification shall firstly obtain approval for carrying out relevant certification activities and implement certification in accordance with the Rules. The Rules clarify the basic principles and requirements for the certification of processing activities carried out by personal information processors, such as personal information collection, storage, use, processing, transmission, provision, disclosure, deletion, and cross-border processing. According to the Rules, the model of personal information protection certification combines the technical verification, on-site audits, and post-certification supervision. A three-year certificate shall be issued after certification.

(Source: China State Administration for Market Regulation)