
China PIPL Overview Infographic
On August 20, 2021, China’s Personal Information Protection Law (PIPL) was adopted by the National People’s Congress (NPC) Standing Committee. The PIPL took effect on November 1, 2021, and will regulate the collection and usage of personal information by companies operating in China. Under the PIPL, data subjects have a greater level of protection and control over their personal information including eight individual rights.
The PIPL outlines that personal information should be processed within the “minimum scope necessary” and introduces a concept similar to that of the Data Protection Officer. This means that organizations should appoint an individual to take charge of personal information protection operations.
The PIPL also includes several provisions that are similar to the GDPR including:
- Guidelines for the international transfer of data
- Options to reject business marketing particularly where marketing is targeted to personal characteristics
- Requirements to obtain consent for processing sensitive personal information which includes:
- Biometrics
- Medical & Health data
- Financial accounts, and
- Geolocation
Read the OneTrust Blog: China’s Personal Information Protection Law to Take Effect November 1, 2021
China PIPL Overview Infographic
The PIPL has introduced new provisions for organizations in China to comply with. These include fulfilling a set of new data subject rights and obtaining valid consent. Download the OneTrust DataGuidance China PIPL overview infographic to find out more about key compliance areas under the PIPL.
Request a demo to see how OneTrust DataGuidance can help you have a deeper understanding of the requirements of China's PIPL.
Further resources for understanding the PIPL:
- OneTrust DataGuidance: China's PIPL and DSL Portal
- OneTrust DataGuidance Video: What you need to know: China's PIPL
- OneTrust DataGuidance Report: Comparing Privacy Laws: GDPR v. PIPL
- OneTrust DataGuidance Report: Operationalizing the PIPL