Personal Information Protection Law (PIPL) FAQs
The People’s Republic of China (PRC) has passed robust data privacy regulation that governs data security and personal information processing. This FAQ is designed to address questions firms may have about the nature of this legislation and the specific requirements firms will have to address to comply with this new law.
Download The PIPL FAQs
Key learning objectives:
- What is the PIPL?
- Does the PIPL apply to our firm?
- What data is in scope of the PIPL?
- Do firms need a lawful basis to handle personal information under the PIPL?
- Do firms need to appoint a data protection officer or an in-country representative?
- What are the key requirements for in-scope firms?
- Can firms transfer personal information outside of the PRC?
- Do firms need to conduct risk assessments when handling personal information?
- Are there any additional personal information handling requirements firms should be aware of?
- Does the PIPL have breach notification requirements?
- What are the penalties for non-compliance?
- Should we expect additional guidance from the regulators?
- What does my firm need to do?
© 2017- 2023 ACA Group. All rights reserved.ACA Home | Infosec | Privacy | Terms of Use | Modern Slavery