China Personal Information Protection Law (PIPL): A New Take on GDPR?

Many people have heard of the GDPR (General Data Protection Regulation), legislation that became law across the EU in May 2018.  It was designed to regulate how businesses protect personal data, notably how personal data is processed, and granted rights to individuals to exercise more control over their personal data.

GDPR is a framework which requires businesses to implement processes to enable them to understand where data is held, how it is used, how long it is kept for, how this can be reported to individuals, and how they may request its correction or deletion.

A critical – and often misunderstood – aspect of GDPR is that it doesn’t just apply to EU businesses.  Any company in the world that stores information on EU citizens must adhere to the regulations; serious breaches can result in significant fines.  Even just the top five companies that were penalized since GDPR’s introduction run into the hundreds of millions of US dollars!  These regulations have teeth, so people pay attention to them.

Beyond GDPR’s own impact in protecting the rights of EU residents, perhaps its greatest legacy has been to increase expectations for how organizations handle personal data the world over. GDPR has set a new global standard, and we are seeing it serve as the model for a number of similar laws being mooted or passed by governments all over the world. With that in mind, how many businesses have heard of the PIPL (Personal Information Protection Law)?  In August 2021, the Standing Committee of the National People’s Congress, the top legislative body in the People’s Republic of China, voted for this law to take effect on Nov. 1, 2021.  It has many similarities to GDPR, a key one being that it also applies world-wide with respect to data held on Chin ..

Support the originator by clicking the read the rest link below.