China's new data privacy law, the Personal Information Protection Law (PIPL), has been approved by the National People's Congress in 2021. The new law, which impacts both domestic and international companies operating in China, sets out strict rules for the collection, use, and storage of personal information, and includes severe penalties for non-compliance.
You've probably heard about the challenges TikTok faces in the US due to their concerns about privacy. Well, China also has its concerns. The PIPL has been introduced in response to growing concerns about data privacy in China, as well as global trends towards more stringent regulation of data privacy. With China's rapidly expanding digital economy and the increasing amount of personal data being collected and shared, the need for robust data protection measures has become more pressing than ever. Thus, the PIPL has been issued and it has a significant impact on foreign companies operating in China. The brief essence of the law:
Expanding your business, especially a digital one, you must ensure compliance with regulators regarding data privacy. In modern China, a foreign company has to constantly monitor legal requirements for the operation and secure its compliance. A foreign legal entity appoints a representative and legally the representative is in charge so make sure those you trust your operations in China are aware of the peculiarities and capable of managing it. But it is not just a legal issue, you will have to adapt your business operations as well. For instance, you have to receive the consent of each person you hire. Complying with the law also concerns the data of your clients, leads, subscribers etc. In that case, you can't just simply store your leads in a CRM with servers outside of China, this basic operation also has to be modified. Thus, your operation should undergo a thorough analysis and be adjusted accordingly.
China's new data privacy law represents a significant shift in the regulatory landscape for international businesses operating in China. While compliance may be challenging, companies that take a proactive approach to data protection and privacy will be well-positioned to succeed in the rapidly evolving digital economy. The market is full of consultants willing to help you open a legal entity, do marketing research, etc.
You've probably heard about the challenges TikTok faces in the US due to their concerns about privacy. Well, China also has its concerns. The PIPL has been introduced in response to growing concerns about data privacy in China, as well as global trends towards more stringent regulation of data privacy. With China's rapidly expanding digital economy and the increasing amount of personal data being collected and shared, the need for robust data protection measures has become more pressing than ever. Thus, the PIPL has been issued and it has a significant impact on foreign companies operating in China. The brief essence of the law:
- Companies will need to obtain explicit consent from individuals before collecting, processing, or sharing their personal information. This consent must be given freely, and individuals must be informed about the purposes for which their data will be used.
- The PIPL requires that the personal information of Chinese citizens to be stored within China. In other words, international companies need to establish data centers or cloud facilities in China in order to comply with this requirement.
- Companies are to establish robust data security measures to protect personal information from unauthorized access, disclosure, or theft. This includes implementing access controls, encryption, and other technical measures to safeguard data.
- The PIPL introduces new requirements for the transfer of personal data outside of China, including the need to obtain approval from Chinese regulators before transferring data to overseas entities.
- The law includes severe penalties for non-compliance, including fines of up to RMB 50 million or 5% of a company's annual revenue, as well as the suspension of business operations.
Expanding your business, especially a digital one, you must ensure compliance with regulators regarding data privacy. In modern China, a foreign company has to constantly monitor legal requirements for the operation and secure its compliance. A foreign legal entity appoints a representative and legally the representative is in charge so make sure those you trust your operations in China are aware of the peculiarities and capable of managing it. But it is not just a legal issue, you will have to adapt your business operations as well. For instance, you have to receive the consent of each person you hire. Complying with the law also concerns the data of your clients, leads, subscribers etc. In that case, you can't just simply store your leads in a CRM with servers outside of China, this basic operation also has to be modified. Thus, your operation should undergo a thorough analysis and be adjusted accordingly.
China's new data privacy law represents a significant shift in the regulatory landscape for international businesses operating in China. While compliance may be challenging, companies that take a proactive approach to data protection and privacy will be well-positioned to succeed in the rapidly evolving digital economy. The market is full of consultants willing to help you open a legal entity, do marketing research, etc.
