China Personal Information Protection Law (PIPL)

With a short deadline for compliance – November 1, 2021 – the Chinese Personal Information Protection Law (PIPL) is now a top priority for companies.

What’s PIPL?

The latest privacy law to impact organizations globally

BUILD & MANAGE YOUR PRIVACY PROGRAM

FUNDAMENTALS

PIPL is China’s first omnibus data protection law that will impact any company with data in China or who does business there.

DEMONSTRATE ACCOUNTABILITY AND COMPLIANCE

URGENCY

With the possibility of severe sanctions for non-compliance, organizations must act quickly to comply with the requirements before the deadline.

NEVER MISS A BEAT ON REGULATORY UPDATES

NUANCES

While aligned to GDPR, PIPL does have distinctions that require readiness analysis, including the lawful basis of HR management and expanded enforcement.

China PIPL Applicability

APPLICABILITY

What’s the scope of PIPL?

PIPL is similar to GDPR – it applies to personal data processed within the People’s Republic of China – if products or services are provided to people in China, if their activities are assessed or analyzed, and where Chinese laws and regulations apply.

ENFORCEMENT & DEADLINES

What are the consequences?

Although there is no enforcement authority yet, it is clear that serious sanctions will be imposed for violations of the law.
These could include;

  • Compliance orders
  • Processing bans
  • Confiscation of unlawful income
  • Fines of up to 1 million Yuan (~$155,000)
  • The maximum penalty for the organization is up to 50 million Yuan (~$7,7 million) or 5% of annual revenue
China PIPL Enforcement

PERSONAL FINES

Additionally, persons in charge or directly responsible for the processing operation can receive a personal fine between 10,000 and 100,000 Yuan. The individual sanction would go up to 100,000 and 1 million Yuan and could include a prohibition of holding several professional positions for a certain period.

TrustArc China PIPL Whitepaper

WHITEPAPER

China PIPL: What You Need to Know

Download this whitepaper to dive deeper into our analysis of PIPL. The law propels privacy requirements past GDPR – our research will help you understand what you need to know.

GETTING STARTED

Achieve PIPL compliance in less time

The deadline for compliance with the China Personal Information Protection Law is short – November 1, 2021. Accelerate compliance in PrivacyCentral by leveraging the privacy work you have already done.

China PIPL Getting Started
Nymity Research

REGULATORY RESEARCH

Mapping PIPL to other laws

Our regulatory research compares PIPL to GDPR, CCPA, LGPD, and hundreds of other laws. Our team has analyzed the law, identified the requirements, and determined what they mean for your business so you can focus on the actions needed to comply.

PIPL Serious Privacy Podcast

SERIOUS PRIVACY

Spicy Privacy:
Understanding the China PIPL

Although many details remain unclear, during our August 31st episode, we unpack the main characteristics of the new Chinese data protection law.

TrustArc Webinar

WEBINAR

Becoming PIPL Compliant In No Time

This webinar takes place eight days after the PIPL deadline, giving an overview of the PIPL requirements and helping understand better what your organization rapidly needs to do to address this law.

Looking for help complying with the PIPL?

Resources
Blog

FAQs

China’s PIPL: Frequently Asked Questions

Blog

Flash Guidance

China’s Personal Information Protection Law (PIPL)

Blog

Blog

Getting Started with PIPL Compliance

Blog

Blog

China Personal Information Protection Law Adopted

Blog

Blog

China PIPL now in force – with more clarity on international transfers

Blog

Podcast

Trick or Treat? PIPL is Scary (with Graham Webster)