Cyber security and data protection have become very important in China over the recent years. In particular foreign invested companies that are processing personal data, operating critical infrastructure or providing products or services to critical infrastructure operators must make themselves familiar with the applicable laws and regulations.
The transfer of data overseas (either to a third-party contract or an overseas affiliate) is subject to restrictions, and require as the case may be prior internal or external security assessment and approval of the authorities (likely the Cyberspace Administration).
We recommend that you seek for competent legal advice in this regard.