The new PRC Personal Information Protection Law – Are global organizations ready for the changes (from an employment perspective)?
Related people
Headlines in this article
Related news and insights
Publications: 03 April 2024
China passes provisions to relax the cross-border data transfer regime
Blog Post: 13 June 2023
China - CAC issues guidance on filing standard contracts for export of personal information
Publications: 02 March 2023
China refreshes the regulation on archives administration in relation to overseas listings
Blog Post: 01 February 2023
China brings into force Regulations on the Administration of Deep Synthesis of Internet Technology
The PIPL has a territorial reach that is similar to the EU’s General Data Protection Regulation (GDPR) in that it applies to both operations in China, as well as to businesses overseas that process the personal information of individuals who are located in China for the purpose of analysing and evaluating the individuals’ activities. As such, the PIPL captures HR departments that process employment information on global scales, such as those that use cloud-based HR solutions to streamline and manage HR operations on a worldwide basis – e.g. HR planning, employee engagement, and people analytics. Even if the scale of operations in China is small (e.g., a small representative office), you could still be captured by the PIPL as a “data controller”.
Read our briefing note outlining the changes brought into force by the PIPL and the actions employers might consider taking.