Following China Cybersecurity Law and Data Security Law, Personal Information Protection Law of the People’s Republic of China (hereinafter referred to as “PIPL") was approved at the 30th meeting of the Standing Committee of the 13th National People's Congress on August 20, 2021, and would come into effect on November 1, 2021. PIPL will serve as the basis for personal information protection in China and provide assurance for the rights and interests of personal information.
The approved version of PIPL was updated in the legal basis of personal information processing, protection obligations of personal information processors, personal information cross-border transfer, legal liability, etc. and further defines the obligations and legal liabilities of personal information processors. As China’s first specific law on personal information protection, the coming effect of PIPL will certainly have significant impacts on various personal information processing activities of organizations and individuals.
From the perspective of compliance of general business organizations, this article would like to recap the focuses in PIPL, summarize key differences among existing domestic and foreign personal information protection regulatory requirements, provide thoughts on the establishment of personal information protection system, and also explore the effective path for enterprises to implement personal information protection management activities in a systematic and integrated way in the digital economy era.