The Study On GDPR Cross-border Data Flow Rules

With the continuous development of the digital economy,cross-border data flows have become more frequent.The economic benefits and negative effects brought by it gradually become prominent.Data,like other resources,is the subject of competition among nations.The cross-border flow of data also poses risks to personal data rights,cybersecurity and even national security.These problems can not be solved by the traditional international cross-border data flow rules,and therefore,the EU General Data Protection Regulation came into being On May 25,2018.The General Data Protection Regulation not only has a wide scope of application,strong penalties,and perfect data subject rights,but also includes a variety of detailed cross-border data flow rules,which is highly practical.Studying the General Data Protection Regulation cross-border data flow rules,on the one hand,China can selectively learn from EU practices to improve our data cross-border flow rules.On the other hand,it provides rules and guidelines for European-related enterprises in the process of data cross-border flow,reduces corporate compliance costs,and avoids legal risks.In addition,the cross-border flow of data cannot be effectively regulated by domestic law due to its international nature.Legal regulation through international cooperation is necessary.The General Data Protection Regulation prohibit the cross-border flow of data in general.Enterprises can only conduct data flow through adequate protection rules and appropriate safeguard measures,but for the sake of digital trade,EU also introduces exception rules.Besides,the realization of the objectives of the rules requires the remedy measures.The General Data Protection Regulation stipulate that data subjects can defend their rights through appeals,lawsuits,and public interest litigation.Howerer,It seems to be perfect,but it may increase the burden of enterprises,form new trade barriers and restrict the development of digital economy.It is concluded that clear regulatory objectives,specific data flow modes,independent regulatory agencies,perfect right remedies and international cooperation mechanism should be incorporated in the perfect cross-border data flow rules.Our country should also construct the rules of cross-border data flow according to this system,but we should also avoid excessive obligations to restrict the development of our international trade.In addition,the adquate protection rules are not applicable to the Chinese enterprises.The binding enterprise rules,standard contract terms,code of conduct and certification methods in appropriate safeguard measures are more suitable for Chinese enterprises.Data localization can also be one of the ways to avoid the cross-border data flow rules in the General Data Protection Regulation.