PRC Cybersecurity Law & PIPL

Cybersecurity Law & Personal Information Protection Law (PRC)

Introduced in 1 June 2017 by the Standing Committee of the National People's Congress (NPC), it is the first set of comprehensive legislation governing cyber security and data privacy in China. 

  • Onshore data storage requirements

  • Significant regulation for transferring data offshore

  • Individual rights including right to access information, rights to data portability, right to be forgotten and objection to direct marketing

In October 2020, the NPC released a draft of Personal Information Protection Law (PIPL) which came into effect on November 1, 2021. It becomes China’s first comprehensive law on the protection of personal data which binds compliance obligations previously considered recommended practice and requiring organizations to comply with additional requirements.

Want to know more or talk to one of our experts?
Contact us now!