top of page

China’s New Data Privacy Standard

China has introduced a new national standard for data privacy, which sets more detailed requirements for the handling and protection of personal information. This new standard, known as the Personal Information Protection Standard (PIPS), complements existing privacy laws and strengthens protections for data subjects. For companies handling personal data in China, understanding and complying with this standard is essential to avoid potential legal and operational risks.

Key Aspects of the Personal Information Protection Standard (PIPS)

  1. Detailed Requirements for Data Collection and Consent

    The standard establishes specific guidelines for data collection, requiring companies to obtain clear and explicit consent from individuals before collecting their personal information. Companies must disclose the purpose of data collection, the types of data collected, and how it will be used. This step is designed to ensure that data subjects are fully informed and have given voluntary consent.

  2. Enhanced Data Security and Storage Obligations

    Under the PIPS, companies are required to adopt stringent security measures to protect stored personal data. These include data encryption, secure access controls, and regular vulnerability assessments. Additionally, the standard specifies that companies must limit the storage period of personal data to what is strictly necessary for the stated purpose, reducing the risk of data breaches and misuse.

  3. Clear Data Processing Guidelines

    The new standard introduces guidelines for lawful data processing, stipulating that data must be processed in a fair, legal, and transparent manner. Businesses must ensure that processing activities align with the original consent obtained and do not exceed the agreed purposes. This requirement is intended to prevent unauthorised use of personal information and uphold data subject rights.

  4. Cross-Border Data Transfer Restrictions

    PIPS places strict conditions on cross-border data transfers, requiring companies to conduct security assessments and ensure adequate protections are in place when transferring data outside of China. Data controllers must obtain additional consent from data subjects for cross-border transfers, reflecting the government’s focus on safeguarding personal information beyond China’s borders.

  5. Rights of Data Subjects

    The standard reinforces the rights of individuals over their personal data, including rights to access, correct, delete, and restrict the processing of their information. Companies must establish processes to respond to these requests promptly and effectively. This provision aligns with global privacy trends, empowering data subjects with greater control over their personal information.

  6. Penalties for Non-Compliance

    The standard introduces penalties for companies that fail to meet its requirements, including fines, suspension of operations, or other administrative actions. The increased penalties underscore the importance of compliance and encourage businesses to implement robust data protection measures.

Compliance Recommendations for Businesses

  1. Review Data Collection and Consent Practices

    Companies should evaluate their data collection processes to ensure they meet the new consent requirements. Updating privacy notices and consent forms to reflect the level of detail required by PIPS can help businesses achieve compliance and enhance transparency.

  2. Strengthen Data Security Protocols

    To comply with the security obligations of PIPS, companies should review and, if necessary, upgrade their data protection infrastructure. This includes implementing encryption, conducting regular security audits, and maintaining secure access control mechanisms.

  3. Establish Clear Procedures for Data Subject Requests

    Businesses must put in place processes to handle requests from data subjects, ensuring that rights to access, correction, and deletion are respected. Training staff on these procedures can also improve compliance and responsiveness to individual requests.

  4. Conduct Cross-Border Data Transfer Assessments

    For companies transferring data internationally, conducting risk assessments and obtaining the necessary additional consent is essential. Reviewing cross-border transfer processes can help ensure compliance and maintain the required level of data protection.

  5. Implement Ongoing Compliance Monitoring

    Given the dynamic nature of data privacy standards, companies should establish ongoing compliance monitoring to stay updated on any regulatory changes and address potential gaps in real-time. Regular internal audits and compliance checks can support continuous adherence to PIPS.

Conclusion

China’s new Personal Information Protection Standard (PIPS) enhances data privacy protections and places greater obligations on companies handling personal information. By aligning data practices with these requirements, businesses can better safeguard personal data, maintain regulatory compliance, and build trust with consumers. Proactively addressing these changes will be essential for companies to operate securely and responsibly within China’s evolving data privacy landscape.

Can Woodburn help you?

 

Woodburn Accountants & Advisors is one of China’s most trusted business setup advisory firms.


Woodburn Accountants & Advisors is specialized in inbound investment to China and Hong Kong. We focus on eliminating the complexities of corporate services and compliance administration. We help clients with services ranging from trademark registration and company incorporation to the full outsourcing solution for accounting, tax, and human resource services. Our advisory services can be tailor-made based on the companies’ objectives, goals and needs which vary depending on the stage they are at on their journey.

 

Talk to an expert


Schedule a 30-mins complimentary, no-obligation call to see how Woodburn can help you. Book a call with our Head of Business Advisory - Kristina Koehler-Coluccia.

Topics we can advise on include:

  • Company Registration

  • Cloud Accounting & Financial Reporting

  • Cloud Payroll Services

  • Tax & Audit Services

  • Recruitment

  • Employer-of-Record

  • Visa Application

  • Trademark Registration

  • Switch to Woodburn

  • Partner with Woodburn (cross referral) 

Our calls are automatically scheduled via Zoom - or via Teams, WeChat or WhatsApp upon direct request. 

Our advisory calls are available from Monday-Friday from 8am to 5pm CEST and Wednesday until 9pm CEST.



Woodburn Accountants & Advisors is one of China and Hong Kong’s
most trusted business setup advisory firms

bottom of page