Is your business PIPL-compliant already? If not, then it’s best to start taking action as soon as possible.
On November 1, 2021, the latest data protection law in China came into effect — the Personal Information Protection Law (PIPL). This aims to establish a general framework on how private businesses — inside and outside China — should collect, transfer, and process personal data.
Like Europe’s General Data Protection Regulation (GDPR), the PIPL has stringent standards in place for privacy protection. Both require explicit consent before businesses can handle consumers’ personal information.
PIPL also resembles the California Consumer Privacy Act (CCPA), which establishes a broad definition of personal information. However, the CCPA does not require businesses to obtain an individual’s consent before using or collecting their personal data.
Whether your business already complies with GDPR or CCPA, it’s still important to become PIPL-compliant — especially if you have business transactions in China or your business is based in Singapore.
Since 2013, China has been Singapore’s largest trading partner. With the proclamation of the PIPL, China’s territorial scope of data protection authority was further expanded. This means that the law also applies to all personal information processing activities within and outside the territory of the People’s Republic of China (PRC) such as:
Singapore is just one of the countries doing business with China. Consider taking these steps to help you get started.
As a company, it’s imperative that you coordinate with your employees for whatever changes your business may undergo.
Train all departments, freelancers, and independent contractors to handle personal information in line with the PIPL policies and procedures. If possible, assemble a team that can evaluate these methods to make sure they’re aligned with the PIPL.
If you’re outsourcing your work to third parties such as customer service, marketing services, and cloud platforms, require them to sign a contract that outlines their responsibilities according to the PIPL principles.
Complying with government laws makes your business more legitimate and credible. Plus, it saves you from having to pay hefty fines.
Once updated, log all guidelines and procedures you put in place to protect user privacy. Conduct regular audits to review these procedures and keep them updated.
Today, most businesses are going online, and this can work to the advantage of cybersecurity threats.
Make sure your software and IT-enabled services have the required security measures and access rights. If your business carries out cross-border transfers of personal information, consider storing or migrating the data and resources back to China to comply with the data localisation requirement of the PIPL.
As a business owner, it’s important to protect your users' personal information and make the data lifecycle transparent to them, as this is their right.
PIPL compliance may be intimidating at first, but it’s not that hard if your business already complies with GDPR and CCPA laws. You can hire an attorney or privacy expert to help you speed up your actions and avoid penalties.
While working on becoming PIPL-compliant, secure your online business from cyberattacks with fortified website security. Keep your loyal customers safe with your business.