Sovy
  • Products
    • Data Privacy Essentials℠
    • Consent Management Platform
    • Whistleblowing Portal
    • DPO Services
    • EU/UK Representative Services
    • Compliance Spot Check
    • Managed IT Services
    • All Products
    • Free GDPR Scan
    • Free GDPR Readiness Survey
  • eLearning Solutions
    • Corporate eLearning
    • Sovy Academy℠
      • Introduction to GDPR
      • Introduction to GDPR for Recruitment
      • GDPR for Privacy Managers
      • GDPR for IT Professionals
      • Introduction to Cybersecurity
  • Resources
    • Free GDPR Scan
    • Free GDPR Readiness Survey
    • Knowledge Portal
    • Data Privacy Blog
  • Pricing
    • Data Privacy Essentials
    • myConsentChoice CMP
  • About Sovy
    • Mission
    • Team
    • Investor Relations
    • Partnerships
  • Contact Us
  • Products
    • Data Privacy Essentials℠
    • Consent Management Platform
    • Whistleblowing Portal
    • DPO Services
    • EU/UK Representative Services
    • Compliance Spot Check
    • Managed IT Services
    • All Products
    • Free GDPR Scan
    • Free GDPR Readiness Survey
  • eLearning Solutions
    • Corporate eLearning
    • Sovy Academy℠
      • Introduction to GDPR
      • Introduction to GDPR for Recruitment
      • GDPR for Privacy Managers
      • GDPR for IT Professionals
      • Introduction to Cybersecurity
  • Resources
    • Free GDPR Scan
    • Free GDPR Readiness Survey
    • Knowledge Portal
    • Data Privacy Blog
  • Pricing
    • Data Privacy Essentials
    • myConsentChoice CMP
  • About Sovy
    • Mission
    • Team
    • Investor Relations
    • Partnerships
  • Contact Us

Data Privacy Blog

November 4, 2021  |  By Camelia Nastasi

The China Personal Information Protection Law has been enforced. The Law is also Applicable to Foreign Corporations

china personal information protection law

The China Personal Information Protection Law (PIPL) entered into force on the November 1, 2021.

China’s economy has prospered during the last years. There are over 900 million internationals in China. According to Beijing authorities, China has clear legal provisions to protect the rights and interests of its citizens and organizations.

Wang Yi, China’s Foreign Minister stated that China is currently witnessing a new round of technological revolution and industrial transformation.

The new PIPL is similar with the GDPR (The General Data Protection Regulation). It contains 74 articles and includes data protection principles such as ''transparency, fairness, purpose limitation, data minimization, limited retention, data accuracy and accountability.''

Key term definitions

The PIPL defines personal information as any information that can be used to identify a specific individual. Information in the form of videos or photos, whether in electronic or non-electronic type.

"Personal information processing," according to the new law, includes the collection, storage, processing, use, transmission, disclosure, or deletion of personal information.

Similar to GDPR, PIPL defines "sensitive personal information" as information that, if leaked or used illegally, might result in a violation of an individual's dignity or injury to personal safety. This is China's first national law to define sensitive personal data and, more crucially, to impose related requirements on processors who handle it.

Processors' obligations under the China Personal Information Protection Law

Articles 51 to 56 of the PIPL outline processors' responsibilities in terms of:

  • staffing and organization (e.g.: designating a DPO or a local representative in China).
  • Internal administrative measures (e.g.: internal systems, audits, PIAs-personal information protection impact assessments).
  • Security measures (e.g.: information classification, technical measures, training, incident response).

Under the China Personal Information Protection Law, individual rights are similar to those guaranteed by the GDPR. Therefore, individuals have the right to know about and control how their data is processed. They have the ability to restrict or deny processing, and they must have unrestricted access to and copying of the data. They must also be able to collect and reuse personal information across services for their own reasons. Finally, they should have the ability to modify and erase personal data.

The Law's Impact on Foreign Corporations

The second paragraph of Article 3 of the PIPL indicates that the law applies to personal data processing done outside of China for the purpose of providing products or services to individuals in China, or analysing or assessing the actions of individuals in China.

In addition, under the PIPL, organizations outside of China will need to appoint a representative and ''report relevant information of their domestic organization or representative to Chinese regulators.''

Need help?

With our portfolio of online tools and services, we can help you get compliant and stay compliant, including:

•eLearning for GDPR and CyberSecurity

•Cookie Consent Manager with data rights access requests

•Privacy Policy Builder

•Records of Data Processing

We also provide Advisory Services to help you with your company's specific needs.

Contact us for more information.

Source: https://www.lw.com/thoughtLeadership/china-introduces-first-comprehensive-legislation-on-personal-information-protection

Article by Camelia Nastasi

Previous StoryOn September 27th, the Updated GDPR Standard Contractual Clauses Will Enter Into Force
Next StoryGDPR Article 3 and the Provisions on International Transfers as per Chapter V-New Guidelines by the EDPB

SEARCH

CATEGORIES

  • CCPA (1)
  • compliance (1)
  • consent management (2)
  • CPRA (2)
  • Cybersecurity (2)
  • Data Privacy Fines (2)
  • Data Protection Officer (2)
  • Data security and privacy (9)
  • elearning (1)
  • GDPR (22)
  • GDPR fines (8)
  • GDPR guidance (10)

TAG CLOUD

2020 cookie policy data privacy data protection fines GDPR tik tok

ARCHIVES

  • September 2024 (1)
  • July 2024 (1)
  • June 2024 (1)
  • April 2024 (1)
  • March 2024 (1)
  • October 2023 (1)
  • July 2023 (1)
  • June 2023 (2)
  • May 2023 (1)
  • April 2023 (2)
  • March 2023 (1)
  • February 2023 (1)
  • January 2023 (2)
  • December 2022 (1)
  • October 2022 (1)
  • September 2022 (1)
  • August 2022 (1)
  • July 2022 (1)
  • June 2022 (3)
  • May 2022 (2)
  • April 2022 (1)
  • March 2022 (1)
  • February 2022 (1)
  • January 2022 (2)
  • December 2021 (1)
  • November 2021 (1)
  • September 2021 (1)
  • August 2021 (1)
  • July 2021 (2)
  • June 2021 (2)
  • May 2021 (2)
  • January 2021 (1)

LATEST POSTS

  • Top 10 Benefits of Outsourcing Your Data Protection Officer
  • custom eLearning Development Services
    Custom eLearning Development Services: Everything You Need to Know for Success
  • compliance management system
    The Ultimate Guide to Compliance Management System
  • GDPR compliance checklist
    GDPR Compliance Checklist: Ensuring Data Protection
  • why is cybersecurity important?
    Why is cybersecurity important? How to Keep your company safe

QUICK LINKS

  • About Us
  • Resources
  • Privacy Policy
  • Terms
  • Manage Consent
  • Contact Us

Sovy GDPR Privacy Essentials

  • Subscription Benefits
  • Pricing
  • Log in
  • GDPR for Small Businesses
  • GDPR for Enterprises
  • GDPR for Sole Traders
  • GDPR for Charities

SOVY LOCATIONS

Ireland HQ

Registered Office
St Gall's House
St Gall Gardens South
Milltown, Dublin 14
D14 Y882
Ph: +353 (4)6 929-3537

London

Registered Office
Kemp House
152-160 City Road
London EC1V 2N

ASSOCIATIONS

Copyright © 2024 Sovy Trust Solutions Limited. All Rights Reserved. Registered in Ireland, No. 610835 and No. 605069