book a virtual meeting Search Search
why mk
find out more
corporate social responsibility
find out more
macpherson kelley foundation
find out more
why choose mk?
find out more
are you a graduate?
find out more
work with us
view vacancies
brisbane

one eagle – waterfront brisbane
level 30, 1 eagle street
brisbane qld 4000
+61 7 3235 0400
get directions find a lawyer
dandenong

40-42 scott st,
dandenong vic 3175
+61 3 9794 2600
get directions find a lawyer
melbourne

level 7, 600 bourke st,
melbourne vic 3000
+61 3 8615 9900
get directions find a lawyer
sydney

level 21, 20 bond st,
sydney nsw 2000
+61 2 8298 9533
get directions find a lawyer

hello. we’re glad you’re
getting in touch.

Fill in form below, or simply call us on 1800 888 966

Home > News & Insights > China’s new privacy Law – how will it affect your business?

China’s new privacy Law – how will it affect your business?

24 October 2022
kelly dickson
Read Time 2 mins reading time
Kelly Dickson managing principal lawyer - dandenong, commercial

China has implemented further cyber and data security legislation to protect the rights and interests of individuals, regulate personal information processing activities, and facilitate reasonable use of personal information.

The introduced legislation, “China’s Personal Information Protection Law” (PIPL), was introduced on 1 November 2021 and can be seen as somewhat comparative to the European Privacy Laws (GDPR). The obligations imposed by the PIPL are substantial, and if not complied with, businesses may face significant penalties. It is important that businesses operating in China have appropriate policies and procedures in place to comply with the PIPL.

three pillars of legislation

When it comes to cyber and data security, China is now regulated by three pieces of legislation:

  1. The Personal Information Protection Law (2021) (PIPL);
  2. The Data Security Law (2021); and
  3. The Cybersecurity Law (2017).

the personal information protection law (PIPL)

the PIPL has been introduced to:

  • define personal information;
  • implement nine basic principles for personal information processing;
  • set out the rights of personal information subjects;
  • provide rules on data localisation and cross-border transfer; and
  • set out the personal information processor obligations.

how does the introduction of PIPL affect businesses?

The introduction of PIPL will affect businesses as:

  • it gives data subjects more rights over the use of their data;
  • there are larger requirements on data sharing and cross-border data transfers;
  • there are penalties and fines for breaches;
  • businesses will need to implement mandatory cybersecurity controls when storing and processing personal information;
  • businesses will have obligatory data localisation requirements if thresholds are met.

If businesses have not already considered how these changes will affect them, we strongly suggest that they put privacy as their key focus and implement appropriate policies and procedures.

For additional information about how this new legislation may affect businesses, please see here the PrivacyRules information brochure.

how macpherson kelley can help

For further information or a review of your compliance with Chinese Privacy laws, please contact one of our experts.

Macpherson Kelley is the only Australian law firm member of PrivacyRules, a global alliance of law firms and tech and cyber experts able to advise on all aspects of privacy issues and risk. For an introduction to our PrivacyRules colleagues in other jurisdictions around the world, please contact Kelly Dickson.

Macpherson Kelly has a China Focus Group which advises and assists Australian individuals or businesses doing business in China as well as Chinese individuals or businesses doing business in Australia. We have a track record of performance partnering with Chinese state owned and private enterprises as well as foreign residents for significant transactions, investment and commercial structuring.

Click here for translated information on our China focus group.

 

Kelly Dickson managing principal lawyer - dandenong, commercial

more
insights
03 May 2024

Queensland Government agencies’ obligations strengthened

read more
30 April 2024

Australians can now sue for ‘serious’ breaches of privacy

read more
20 March 2024

Victoria and Queensland’s foreign company land tax concessions

read more

stay up to date with our news & insights

China’s new privacy Law – how will it affect your business?

24 October 2022
kelly dickson

China has implemented further cyber and data security legislation to protect the rights and interests of individuals, regulate personal information processing activities, and facilitate reasonable use of personal information.

The introduced legislation, “China’s Personal Information Protection Law” (PIPL), was introduced on 1 November 2021 and can be seen as somewhat comparative to the European Privacy Laws (GDPR). The obligations imposed by the PIPL are substantial, and if not complied with, businesses may face significant penalties. It is important that businesses operating in China have appropriate policies and procedures in place to comply with the PIPL.

three pillars of legislation

When it comes to cyber and data security, China is now regulated by three pieces of legislation:

  1. The Personal Information Protection Law (2021) (PIPL);
  2. The Data Security Law (2021); and
  3. The Cybersecurity Law (2017).

the personal information protection law (PIPL)

the PIPL has been introduced to:

  • define personal information;
  • implement nine basic principles for personal information processing;
  • set out the rights of personal information subjects;
  • provide rules on data localisation and cross-border transfer; and
  • set out the personal information processor obligations.

how does the introduction of PIPL affect businesses?

The introduction of PIPL will affect businesses as:

  • it gives data subjects more rights over the use of their data;
  • there are larger requirements on data sharing and cross-border data transfers;
  • there are penalties and fines for breaches;
  • businesses will need to implement mandatory cybersecurity controls when storing and processing personal information;
  • businesses will have obligatory data localisation requirements if thresholds are met.

If businesses have not already considered how these changes will affect them, we strongly suggest that they put privacy as their key focus and implement appropriate policies and procedures.

For additional information about how this new legislation may affect businesses, please see here the PrivacyRules information brochure.

how macpherson kelley can help

For further information or a review of your compliance with Chinese Privacy laws, please contact one of our experts.

Macpherson Kelley is the only Australian law firm member of PrivacyRules, a global alliance of law firms and tech and cyber experts able to advise on all aspects of privacy issues and risk. For an introduction to our PrivacyRules colleagues in other jurisdictions around the world, please contact Kelly Dickson.

Macpherson Kelly has a China Focus Group which advises and assists Australian individuals or businesses doing business in China as well as Chinese individuals or businesses doing business in Australia. We have a track record of performance partnering with Chinese state owned and private enterprises as well as foreign residents for significant transactions, investment and commercial structuring.

Click here for translated information on our China focus group.