PIPL: The Rules and Impacts for Businesses

Daniel Cantorna / 5 min read.
November 30, 2021

The China Personal Information Protection Law (PIPL) is the new data privacy law in China. It's aimed at protecting personal information and addressing issues with leakage of personal data. PIPL is a new cybersecurity law first conceptualised in 2014. It was passed into law on the 20th August 2021 and took effect on 1st November 2021.

This cybersecurity structure will regulate data protection and security in China indefinitely. All companies need to have been China data security law compliant by September 2021.

Businesses that have operations in China involving data collection and processing need to follow the rules set out by the PIPL; if not, they will face contraventions for non-compliance.

Who is Subject to PIPL?

Companies in all industries are affected by PIPL. Entities affected include Chinese domestic companies and Chinese subsidiaries set up by multinational companies. Also affected are foreign companies that do business in China, even those without a physical business presence there. Any business whose activities include selling products or services to the Chinese market and collecting data and PII within China is subject to the law. It includes special reference to businesses that assess and analyze the behaviours of individuals in China.

Requirements of Data Security Law for Businesses

All companies with data processing activities are subject to the DSL (Data Security Law). The DSL also provides for extra-territorial conditions if data processing activities conducted outside China harm the national security and public interest of Chinese citizens or entities. If information is regarded as critical to national security (Critical Information Infrastructure/CII), then Critical Information Infrastructure Operators (CIIOs) must store that data locally in China.

All businesses that act as data processors need to establish and optimize a data security management system, adopting lawful and justified methods in collecting and using personal data. This includes consent management, data minimisation, access restriction, logging, auditing, encryption and data masking. Businesses operating in China need to arrange data security training for all staff who may come into contact with the data asset.

China operates a Multi-level Protection Scheme, which is a certification grading an organisation by two considerations: impacted object and impacted level. Impacted objects refer to who or what will be impacted by a cybersecurity incident. These include Chinese citizens, individuals, organisations, social interest, public order, or national security. Impacted level refers to whether a cybersecurity incident will cause minor, major, or critical levels of impact on the objects by national security and social stability. Businesses that do not affect national security or public interests are usually classified as Level 1, while businesses that may affect social order and public interest are classified as Level 2 or above. Systems or applications with higher degrees of impact are more likely to be classified as Level 3 or even Level 4. Level 5 is reserved for state-owned military systems.

Companies operating in China also need to evaluate their exposure by association and prepare for these certification processes. If a network is determined to be Level 2 or above, the network operator must engage a qualified expert to carry out additional security reviews. Qualified experts are usually a third-party agency, but they can also be certified security professionals within the organisation.

Significant Impacts on Personal Information Handlers

Cross-border transfers may require a government security assessment or certification by a professional institution if the data transferred is above a certain size in terms of the number of customer records or the raw data volumes.

The law requires the following disclosures to be made: the name and information of the overseas recipient, the purpose and method of the data transfer, the type of personal information being processed, and the process by which an individual may consent and exercise their privacy rights.



Consent

Impact assessments will be required for businesses that wish to collect sensitive personal information and any business that wishes to use this information for automated decision-making. The processing purposes and methods will need to be assessed to ensure they are legitimate, justified, and necessary. How this impacts an individual's rights will need to be clarified, as well as the resulting security risk.

When collecting a subject’s financial status, consumption habits, and sensitivity to pricing, the data legislation may require a business to explain the data processing and justify any refused decisions based solely on the automated decision. This kind of assessment will ensure transparency, fairness, and impartiality when using data to make an automated decision.

New Additional Requirements on Sensitive PI

The PIPL includes an extended scope which defines that biometric characteristics, religious beliefs, medical records, financial accounts, and individual location, as well as the personal information of minors under the age of 14, are all considered sensitive personal information and, as such, have stricter processing requirements. This includes obtaining specific additional consent: a person must consent to the capture of each of these and then separately consent to how they are processed.

PIPL requires additional security measures to secure sensitive personal information. These new measures may include strong encryption, separate storage facilities, and no storage of biometric information such as facial images. PIPL will only allow facial recognition technologies in public areas for security purposes, with easily identified notices and independent consent of data subjects. Use of facial recognition technology must always obtain the subject's specific, independent and explicit consent.

Impact on Businesses for Non-Compliance

If the collection of personal information is taking place, a business will be required to appoint a Personal Information Protection Officer. The officers appointed are similar in capacity to a DPO (Data Protection Officer): they supervise data processing and oversee the protection measures to be carried out.

Foreign companies without a business presence in China will need to set up an agency or appoint a representative in China to deal with data protection matters if the data processing outside of China is subject to the PIPL. Companies not preparing for these processes will face elevated compliance risks. These risks include audits and police-led inspections.

After audits and investigations have been completed, businesses that have been found to contravene the data security law can be subject to various penalties. These include revocation of business licenses, suspension of business activities, potential criminal repercussions, and fines of up to 5% of annual business revenue.

Future Business Impact

As this law is in the early stage of implementation, it may be too soon to ascertain how far-reaching the impact will be regarding data security around the globe.

The data security law will have the biggest impact on multinational companies outside of China. China's localised technology companies will most likely be the least affected, as the DSL primarily focuses on data leaving the country. The data security law will create a significant compliance process for companies who don't want to face suspension or huge penalties.

The best way to navigate the future of business dealings in and around China is to establish a best practice that correlates with the PIPL and DSL and matches the processes set out within the legislation. Businesses impacted will need to revisit their existing data management procedures and identify specialists to support them with assessing exposure, impacts and the changes required to remain compliant.

Security legislation is a complex and ever-evolving domain; it is critical to revisit this often difficult-to-navigate and continually evolving landscape.

Categories: Cybersecurity
Tags: China, Data security, legal

About Daniel Cantorna

Daniel Cantorna, Vice President, Professional Services, EMEA, Collinson. Daniel is the Vice President of Professional Services within Collinson's EMEA team, a global leader in loyalty and benefits, and traveller experiences. Holding over 15 years of experience in consulting, product development, system integration, automation and gamification, Daniel is passionate about delivering customer-centric solutions and services that help Collinson clients build meaningful, enduring and increasingly valuable relationships with their customers. Daniel has worked extensively with marketing, automation, integration, business intelligence and advanced analytics for global enterprise organisations across sectors including technology, aviation, hospitality, luxury and retail.
