China’s completed Personal Information Protection Law: Rights plus cyber-security

China’s new data protection law will take effect on 1 November, leaving organisations little time to prepare for compliance. By Graham Greenleaf.

On 20 August 2021 the Standing Committee of China’s National People’s Congress (SC-NPC, not the NPC itself) enacted the Personal Information Protection Law (PIPL), the culmination of over a decade of incremental legislative reform.(1) Businesses must adjust rapidly to the law’s starting date of 1 November 2021.

Since the first draft of the PIPL was released by the SC-NPC in October 2020, it has been revised in a succession of drafts. One purpose of this article is to detail these changes. The other purpose is to place the PIPL in the context of China’s near-complete cybersecurity laws, of which it is part.

Continue reading

International Report subscribers please login to access the full article.

If you wish to subscribe please see our subscription information.