On Nov. 1, 2021 the China’s Personal Information Protection Law (PIPL) is into effect, aimed to “protect the rights and interests of individuals,” “regulate personal information processing activities,” and “facilitate reasonable use of personal information” (Article 1).
With its entry into force, the broader cyber and data security governance in China is regulated by three pieces of legislation: the PIPL, the Cybersecurity Law, and the Data Security Law. Implementing regulations have been adopted and some have yet to be adopted, making it complex to comply with this framework without proper legal and cybersecurity guidance.
On a comparative perspective, the PIPL aligns with the strictest international privacy benchmarks of the European Union’s General Data Protection Regulation (EU GDPR) in large part, but it differs from the EU framework to a relevant extent. For instance, the PIPL includes certain substantive obligations that differ from the EU GDPR but there are also obligations found in the EU GDPR that are not included in the PIPL.
Like the EU GDPR, also the PIPL has extraterritorial application and imposes thought-through privacy management policies and practices to companies and entities all over the world, when the purpose of the processing is:
(i) To provide products or services to individuals in China
(ii) to “analyze” or “assess” the behaviour of individuals in China; and/or
(iii) for other purposes to be specified by laws and regulations
If you just discovered that your company falls in these conditions, you are also obliged to:
PrivacyRules has created an efficient and cost-effective package to assess your legal and technical obligations towards the PIPL, and to adopt the appropriate steps in order to continue operating with peace of mind and avoid hefty fines. Our package offers:
Upon its subscription, you will receive a wealth of informative material for your corporate awareness and for the education of your workforce, which is one of the most important initial steps to comply with the PIPL and to demonstrate to customers and partners that you have embraced the culture of care for personal data protection and cybersecurity.
Our package journey gives you: