Are you on track for compliance with the Personal Information Protection Law of China?

The long-expected and widely concerned Personal Information Protection Law of China (the "PIPL") was adopted on 20 August 2021 by the Standing Committee of National People's Congress. This landmark data protection regulation will come into effect on November 1, 2021. As a basic law for personal information protection in China, the PIPL clarifies the rules for processing personal information, the obligations of personal information handlers, and the rights of personal information subjects. Notably, the PIPL provides serious punishment for violations of this law, which includes a fine of up to CNY 50 million (approx. USD 7.7 million) or 5% of annual turnover of the previous year.

How can multinational companies prepare for compliance at this stage? We have listed the following the PIPL Checklist to help companies grasp the important points and understand what they are suggested to do next to adapt to these rules more smoothly.

The challenges brought in by the PIPL are wide-reaching and a number of functions within many organizations will be affected by the changes, from marketing to security and, of course, legal and compliance. This checklist also aims to identify, below, the stakeholders which will need to be involved in each set of actions.

  • Legal & Compliance
  • HR
  • Marketing and Customer Relations
  • Procurement
  • IT & Information Security
  • PR & Comms

Click here to continue reading . . .

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.