China’s PIPL Takes Effect Nov. 1
Just as organizations throughout the world were getting acclimated to the rigorous standards in the EU’s General Data Protection Regulation (GDPR), China’s Personal Information Protection Law (PIPL) was voted into law Aug. 21. According to many reports thus far, PIPL is stricter than GDPR, and considering the regulation goes into effect Nov. 1, organizations conducting business in China do not have much time to prepare.
If you’re already compliant with GDPR and/or the California Consumer Privacy Act (CCPA) within the United States, you have a head start toward PIPL compliance. These organizations most likely already have conducted privacy impact assessments to become familiar with their own processing activities, and hopefully plenty of the overlap in these regulations has been covered.
PIPL most closely resembles GDPR in terms of scope and basic definitions when compared to other privacy laws throughout the world. For example, just as GDPR applies to any company that handles the data of EU residents, PIPL applies to any company that processes the personal data of Chinese citizens regardless of whether that happens in China or outside the country.
Also, like GDPR, PIPL gives individuals the right to access, request, correct, delete, transfer and restrict the collection or use of their personal data.
There are some major differences between PIPL and GDPR, as well.
For example, PIPL requires that any company located outside China involved in processing the personal information of Chinese citizens designate a dedicated in-person representative to support compliance. PIPL also veers from GDPR through its lack of legitimate interest, which, under GDPR, allows companies, in certain cases, to process personal data without consent if it’s collected legally and there’s a justifiable reason for its use.
If you conduct business in China, you won’t want to get caught flat-footed when PIPL is implemented. 2W Tech’s Cybersecurity Compliance Program was designed to support businesses with their compliance obligations. Most organizations must abide by and maintain a standard for controls that safeguard the confidentiality and privacy of information stored and processed. We work hand in hand with you to learn more about your required compliances, help obtain proper agreements, and access relevant system architecture information. Give us a call today to get started.