Impacts of China’s New Personal Information Protection Law on enterprisesAAA IPRIGHT2
On August 20th, 2021, China’s Personal Information Protection Law (PIPL) has officially passed into law. With this new regulation, China has had its first legal attempt to define personal information (PI) and regulate the storing, transferring, and processing of personal information.
The law will come into force on 1 November 2021, only 2 months from now. This means that it will leave a rather tight time frame for enterprises, especially for enterprises that rely heavily on data for their operations in China, to adapt and adjust their company’s activities according to this new law.
China’s Personal Information Protection Law aims to formalize and strengthen several requirements in relation to personal data which include the necessity for explicit or separate consent for the collection and for data localization in China.
Compiling with these regulations, especially in an incredibly short amount of time, will not be easy for enterprises. They will need to update their China business models as well as operating practices to ensure compliance with the new rule in order to avoid punishment.
However, on the other hand, consumers might be one of the most affected alongside enterprises because they will also have to adapt to the rapidly changing digital solutions offered by the enterprises.
Impacts of China’s New Personal Information Protection Law on enterprises
The Impacts of China’s New Personal Information Protection Law on enterprises will be severe due to the highly likely proactive and targeted enforcement methods of this new rule.
Not just the Government but the commercial partners, consumers, and competitors may also be the one who reports enterprises for not complying with the new law. This multifaceted approach means the risk is hard to quantify and manage.
Accordingly, the punishment for the enterprises will vary and may create an irreversible consequence. For example, the penalty may range from the suspension of business to fines up to RMB 50 million or 5% of the preceding year’s revenue, or worst, permanently banned from operating in China.
Preparation needed before 1st November
The implementation of the law will provide a legal foundation for the protection of personal information for the operating of foreign enterprises in China. Nevertheless, the new law will also have the potential to limit the cross-border transfer of such information, especially for data related to critical information infrastructure (CII) due to national security implications in China. Accordingly, in order to best prepare before the deadline which is the 1st of November, enterprises need to understand the law’s impact on their data operations.
On basic principle, China’s New Personal Information Protection Law demands that enterprises make their own judgments on how to implement the principles set out in the Law, unlike the GDPR.
International enterprises that are operating in China and consumers alike need to review their situation and conduct data audits. This will allow them to understand in detail the new law and find out for themselves any possible damages they may face when the Law officially comes into practice.
Several key issues that enterprises need to identify may be listed as:
- Sensitivity of data being handled;
- Data flows across borders;
- Whether current policies, processes, and business models are fit for the purpose;
- If they meet the ‘entrusted processor’ threshold;
- Any enforcement exemptions.
– You could see How To Register Trademark in China here.
– You could visit here to see Procedure of Trademark in China.
– You could visit here to check Required documents of filing trademark in China.
Or sending your inquiry by filling the form: