Skip to content

The new PRC Personal Information Protection Law – Are global organizations ready for the changes (from an employment perspective)?

On 20 August 2021, the Standing Committee of the National People’s Congress passed the new PRC Personal Information Protection Law (PIPL), which will come into operation on 1 November 2021. 

The PIPL has a territorial reach that is similar to the EU’s General Data Protection Regulation (GDPR) in that it applies to both operations in China, as well as to businesses overseas that process the personal information of individuals who are located in China for the purpose of analysing and evaluating the individuals’ activities. As such, the PIPL captures HR departments that process employment information on global scales, such as those that use cloud-based HR solutions to streamline and manage HR operations on a worldwide basis – e.g. HR planning, employee engagement, and people analytics. Even if the scale of operations in China is small (e.g., a small representative office), you could still be captured by the PIPL as a “data controller”.

Read our briefing note outlining the changes brought into force by the PIPL and the actions employers might consider taking.