Chinese data regulators are intensifying their focus on the data protection compliance audit obligations under the Personal Information Protection Law (“PIPL“), with the release of the Administrative Measures for Personal...more
2/20/2025
/ China ,
Compliance ,
Data Privacy ,
Data Protection ,
Incident Response Plans ,
Personal Data ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management
Additional and clarified data compliance obligations will soon come into force under the long-awaited Network Data Security Management Regulation (“Regulation“), which was released on 30 September 2024. The Regulation is...more
We previously wrote about proposed changes to the definition of sensitive personal information under a June 2024 draft of the Guide for Sensitive Personal Information Identification (“Guide“). The Guide has now (September...more
The Personal Information Protection Law (“PIPL“) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits“). Apart from such...more
9/3/2024
/ Audits ,
China ,
Compliance ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
International Data Transfers ,
Personal Data ,
Personal Information ,
Personal Information Protection Law (PIPL) ,
Regulatory Requirements
While the definition of sensitive personal information in China has always been different to other jurisdictions, with a focus on risk of harm at its heart, new draft guidance should make it easier for organisations to map...more