The Cybersecurity Administration of China (CAC) published guidelines about outbound personal data and ‘important data’ from China to third countries. Since 1st March 2023, businesses and individuals must comply with these new measures and guidelines or risk penalties. The new guidelines are based on China’s data protection and cybers security laws. The purpose of the Measures and the Guidelines is to explain: (i) the circumstances in which security assessments are required for outbound data transfers; and (ii) how such security assessments must be carried out. Since 1st March 2023, data processors must comply with these requirements and must have also addressed any historic non-compliance by this date.