The new China Personal Information Protection Law (PIPL) represents the first comprehensive privacy law in the nation’s history.
The introduction of the PIPL in November 2021 has a significant impact on the way that companies who do business in China or who handle and manage Chinese residents’ personal data.
Non-compliance could result in fines of up to 5% of a company’s annual revenue (or ¥50 million or approximately USD 12 million).
Personal data under the PIPL is any kind of information related to an identified or identifiable natural person that has not been anonymised. This means any information that could identify any aspect of an individual’s personal, public or professional life.
Examples include a person’s name, address, phone number, email address, IP address, and cultural, economic and biometric information.
Among the most important considerations for business and HR leaders related to China’s Personal Information Privacy Law is how they’re capturing, using, managing and securing their Employee Data throughout its full lifecycle.
There are many use cases that HR professionals and leaders will need to think as they prepare for further developments related to China’s Personal Information Privacy Law including:
Under the PIPL, you have to update your staff and applicants with privacy notices that specify what is the purpose of the processing, what is the legal basis for such processing, and who is processing their personal data.
HR will have to implement a lawful mechanism to transfer personal data out of China. The exact mechanisms have yet to be defined by the Chinese government.
Personal information handlers, meaning persons or companies making the decision to launch data processing and overseeing the means by which personal data is processed, must notify the Data Protection Authorities once made aware of a personal data breach.
HR is now expected to document and demonstrate compliance with the PIPL, such as being able to provide a registry of applications, processes and categories of data being processed by your organisation.
Given the complexity of compliance, it is not surprising that over three quarters of HR leaders are using the PIPL, GDPR and other data privacy legislation as a driver for seeking an outsourced HCM solution.
Why outsource? Your company may not have the technical expertise or resources to carry out the necessary requirements of the PIPL and outsourcing your HR data processing to a cloud-based HCM provider like ADP can go a long way towards meeting the burden of accountability. ADP has experience in successfully implementing privacy principles similar to PIPL across the globe. We have operationalised PIPL provisions within our services to help you navigate compliance challenges. ADP can help your organisation position itself to meet the requirements of this demanding new age in China’s privacy protection.
Meet the PIPL requirements with ADP’s suite of global payroll products.
Recent blog articles
guidebook
guidebook
guidebook
Let's find the perfect solution for your business
Call us at: +65 6499 5388
Your privacy is assured.
