The long-expected Personal Information Protection Law of China ("PIPL") was passed on 20 August 2021, at the 30th Session of the Standing Committee of the 13th National People's Congress, and will come into effect on 1 November 2021. As the Chinese equivalent of GDPR, the PIPL will change the current landscape of scattered provisions on personal data protection, by clarifying the rules for processing personal data, the obligations of data handlers and processors, and the rights of data subjects. Notably, the fine would be up to 5% of annual turnover, thus even exceeding GDPR.
This Guide aims to help entities in China, as well as those established outside China but subject to the extraterritorial effect of the PIPL, carry out data compliance work to get prepared for the upcoming law. Each section of this Guide describes an important rule or requirement under the PIPL. We also provide suggested actions at the end of each section for your reference.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.