China Personal Information Protection Law (PIPL)
With a short deadline for compliance – November 1, 2021 – the Chinese Personal Information Protection Law (PIPL) is now a top priority for companies.
What’s PIPL?
The latest privacy law to impact organizations globally
FUNDAMENTALS
PIPL is China’s first omnibus data protection law that will impact any company with data in China or who does business there.
URGENCY
With the possibility of severe sanctions for non-compliance, organizations must act quickly to comply with the requirements before the deadline.
NUANCES
While aligned to GDPR, PIPL does have distinctions that require readiness analysis, including the lawful basis of HR management and expanded enforcement.
APPLICABILITY
What’s the scope of PIPL?
PIPL is similar to GDPR – it applies to personal data processed within the People’s Republic of China – if products or services are provided to people in China, if their activities are assessed or analyzed, and where Chinese laws and regulations apply.
ENFORCEMENT & DEADLINES
What are the consequences?
Although there is no enforcement authority yet, it is clear that serious sanctions will be imposed for violations of the law.
These could include;
- Compliance orders
- Processing bans
- Confiscation of unlawful income
- Fines of up to 1 million Yuan (~$155,000)
- The maximum penalty for the organization is up to 50 million Yuan (~$7,7 million) or 5% of annual revenue
PERSONAL FINES
Additionally, persons in charge or directly responsible for the processing operation can receive a personal fine between 10,000 and 100,000 Yuan. The individual sanction would go up to 100,000 and 1 million Yuan and could include a prohibition of holding several professional positions for a certain period.
WHITEPAPER
China PIPL: What You Need to Know
Download this whitepaper to dive deeper into our analysis of PIPL. The law propels privacy requirements past GDPR – our research will help you understand what you need to know.
GETTING STARTED
Achieve PIPL compliance in less time
The deadline for compliance with the China Personal Information Protection Law is short – November 1, 2021. Accelerate compliance in PrivacyCentral by leveraging the privacy work you have already done.
REGULATORY RESEARCH
Mapping PIPL to other laws
Our regulatory research compares PIPL to GDPR, CCPA, LGPD, and hundreds of other laws. Our team has analyzed the law, identified the requirements, and determined what they mean for your business so you can focus on the actions needed to comply.
SERIOUS PRIVACY
Spicy Privacy:
Understanding the China PIPL
Although many details remain unclear, during our August 31st episode, we unpack the main characteristics of the new Chinese data protection law.
WEBINAR
Becoming PIPL Compliant In No Time
This webinar takes place eight days after the PIPL deadline, giving an overview of the PIPL requirements and helping understand better what your organization rapidly needs to do to address this law.
Looking for help complying with the PIPL?
Resources
FAQs
China’s PIPL: Frequently Asked Questions
Flash Guidance
China’s Personal Information Protection Law (PIPL)
Blog
Getting Started with PIPL Compliance
Blog
China Personal Information Protection Law Adopted
Blog
China PIPL now in force – with more clarity on international transfers
Podcast