Is your business PIPL-compliant already? If not, then it’s best to start taking action as soon as possible.
On November 1, 2021, the latest data protection law in China came into effect — the Personal Information Protection Law (PIPL). This aims to establish a general framework on how private businesses — inside and outside China — should collect, transfer, and process personal data.
Like Europe’s General Data Protection Regulation (GDPR), the PIPL has stringent standards in place for privacy protection. Both require explicit consent before businesses can handle consumers’ personal information.
PIPL also resembles the California Consumer Privacy Act (CCPA), which establishes a broad definition of personal information. However, CCPA does not require businesses to obtain an individual’s consent before using or collecting their personal data.
Whether your business already complies with GDPR or CCPA, it’s still important to become PIPL-compliant — especially if you have business transactions in China or your business is based in Singapore.
Since 2013, China has been Singapore’s largest trading partner. With the proclamation of the PIPL, China’s territorial scope of data protection authority was further expanded. This means that the law also applies to all personal information processing activities within and outside the territory of the People’s Republic of China (PRC) such as:
Singapore is just one of the countries doing business with China. Consider taking these steps to help you get started.
As a company, it’s imperative that you coordinate with your employees for whatever changes your business may undergo.
Train all departments, freelancers, and independent contractors to handle personal information in line with the PIPL policies and procedures. If possible, assemble a team that can evaluate these methods to make sure they’re aligned with the PIPL.
If you’re outsourcing your work to third parties such as customer service, marketing services, and cloud platforms, require them to sign a contract that outlines their responsibilities according to the PIPL principles.
Complying with government laws makes your business more legitimate and credible. Plus, it saves you from having to pay hefty fines.
Revise your privacy policy, terms and conditions, contracts, and even cookie notifications so they align with PIPL. If you didn’t ask for explicit, voluntary consent before handling an individual’s personal information, it’s not too late to do so moving forward.
Once updated, log all guidelines and procedures you put in place to protect user privacy. Conduct regular audits to review these procedures and keep them updated.
Today, most businesses are going online, and this can work to the advantage of cybersecurity threats.
Make sure your software and IT-enabled services have the required security measures and access rights. If your business makes cross-border transfers of personal information, consider storing or migrating the data and resources back to China to comply with the data localisation requirement of the PIPL.
As a business owner, it’s important to protect your users’ personal information and make the data lifecycle transparent to them, as this is their right.
PIPL compliance may be intimidating at first, but it’s not that hard if your business already complies with GDPR and CCPA laws. You can hire an attorney or privacy expert to help you speed up your actions and avoid penalties.
While working on becoming PIPL-compliant, secure your online business from cyberattacks with fortified website security. Keep your loyal customers safe with your business.