CHINA PIPL

Let Us Help You Comply With the China PIPL

What is PIPL?

The China Personal Information Protection Law (PIPL) is China’s new data privacy law, aimed at protecting personal information and tackling personal data leakage issues. The PIPL applies not just to businesses and persons who process personally identifiable information (PII) in China, but also to those who process PII of Chinese nationals outside of China.

Fundamentals

The PIPL, the first comprehensive data protection law in China, will affect any business that has data in China or conducts business there.

Urgency

Organizations must work fast to meet the requirements before the deadline, because non-compliance could bring serious penalties.

Nuances

Although PIPL is in line with GDPR, there are several differences, such as greater enforcement and the legal foundation for HR management, that call for a preparedness review.

The effects of PIPL on your company

What are the penalties for non-compliance?

If the processing of personal information violates the requirements in the PIPL, personal information protection authorities may issue an order for rectification, issue warnings and confiscate any unlawful income. Those refusing to rectify will be liable to a fine of up to RMB 1,000,000 (approx. USD 145,204.00). The person in charge and other personnel who bear direct responsibility will be liable to a fine between RMB 10,000 (approx. USD 1,452.00) and RMB 100,000 (approx. USD 14,520.00). For cases of a serious nature, personal information protection authorities may issue an order of rectification, confiscate any unlawful income, and impose a fine of up to RMB 50,000,000 (approx. USD 7,260.00) or 5% of a company’s annual turnover for the previous year.

The personal information protection authorities may also order the suspension of the business or operation for rectification and notify the authorities in charge so that business permits or licenses can be cancelled. The person in charge and other personnel who bear direct responsibility will be liable to a fine between RMB 100,000 (approx. USD 14,520.00) and RMB 1,000,000.00 (approx. USD 145,204.00), and may be barred from serving as directors, supervisors, senior officers and personal information protection officers in corporations for a certain period of time.

Is my company subject to the PIPL?

The PIPL’s extra-territorial reach is closely comparable to the GDPR’s. Under PIPL Art. 3, the Chinese data protection law applies to your business if you:

Offer goods or services to those within Chinese borders;

Track and evaluate the actions of those within Chinese borders;

Process personal information under other conditions specified in laws or administrative rules. Such additional laws or rules have not yet been made public.

Looking for help complying with the PIPL?

Our DPOsphere team of experts can help you prepare for the significant shift in how you handle PIPL-related concerns.

Why Choose Us?

DPOsphere helps global corporations abide by the relevant laws. By doing this, businesses gain the trust of their customers and develop stronger, longer-lasting business partnerships.

To determine the data flow within a group of businesses, DPOsphere does thorough data mapping. On that basis, we assist our clients in closing any existing gaps. This includes the adoption of privacy rules, organizational and technical safeguards, contractual agreements, protocols for data breaches, and the handling of demands from data subjects. Thanks to our multilingual team of lawyers and DPOsphere experts, we can carve out legal exceptions for cultural differences while keeping an eye on our customers’ larger commercial interests.

To reap these benefits, firms must first have a thorough awareness of the domestic and international regulations that govern their operations and industry. DPOsphere focuses on assessments and audits of specific domain components such as data security. These assessments and audits are critical for maintaining a system’s viability and avoiding legal violations while meeting statutory, regulatory, security, and contractual duties.

DPOsphere addresses these requirements while also providing the ease of use and flexibility required to ensure compliance with the legislation applicable to your firm, all from a single user-friendly interface. Maintain compliance and peace of mind while growing your organization by choosing DPOsphere and relying on our cutting-edge technology and legal experience.