The China Personal Information Protection Law (PIPL)

The China Personal Information Protection Law (PIPL) is the new data privacy law in China, targeted at personal information protection and addressing the problems with personal data leakage.

On 13th October, 2020, the first PIPL draft was submitted to the National People's Congress and later been published and opened for public commenting on 21st October 2020.

The PIPL is not only applicable to organizations and individuals who process personally identifiable information (PII) in China, but also those who process data of China citizens' PII outside of China.

Although the current draft version is likely to be revised before it is finally enacted, some significant impacts on organizations can already be foreseen.

More stringent requirements in data transfer, mandatory requirements on security controls and data localization, and increased penalties and fines on organizations upon violation are anticipated.

Are you and your business partners ready to support these changes?

Read our latest brochures to find out more about how Deloitte can help you get prepared for the major transition in handling data privacy related issues.

There are two versions to cater your needs:

Should you want to find out more about the mandatory PIPL requirements which organizations must comply in each data life cycle stage, click here.

For quick takeaways of the key highlights of the draft PIPL, click here.