NEW TO PIPL?
What businesses need to know
As China’s first comprehensive personal data protection law, China’s Personal Information Protection Law (PIPL) applies both to personal data handled within China’s borders and to personal data related to the people of China.
Effective November 2021
The PIPL went into effect November 1, 2021 and is already being enforced, with Didi fined 8 billion RMB for violations in illegal data handling and excessive data collection. China is already demonstrating their focus on ensuring data controllers are compliant with PIPL
Going beyond PIPL
Just months after PIPL, additional measures have been finalized, including the Security Assessment Measures for cross-border data transfers and the Draft Standard Contract for data processing. Given China’s rapidly changing privacy landscape, companies should look for a nimble platform to ensure they meet compliance obligations.
Extending privacy rights for individuals
PIPL largely follows GDPR in granting data subject rights and requiring individual consent. Companies seeking to comprehensively honor requests under this territorial scope need a solution that can easily be customized to China’s region.
OBTAIN USER CONSENT
Streamline obtaining both consent and separate consent
PIPL requires companies to clearly notify and obtain individual consent for all data collection and processing activities, obtaining both consent and in some instances, separate consent. Transcend Consent auto-classifies data flows and cookies, ensuring nothing is tracked without user consent.
FULFILL INDIVIDUAL DATA RIGHTS
Engineered for any data action, for any data subject.
China’s PIPL extends rights to access, correct, delete, modify, or restrict processing of personal data to data subjects, similar to GDPR and U.S. privacy laws. Transcend Privacy Requests is engineered with flexibility—you can submit requests programmatically or receive data subject requests using Transcend's Privacy Center, with flexibility and automation in mind.
const privacyRequest = await transcend.get(`/data-subject-request/${id}`); if (privacyRequest.type === 'ERASURE') { await deleteUserById(privacyRequest.coreIdentifier); }
Pull the latest requests from Transcend and execute existing deletion code. Or, connect your database directly to Transcend.
HONOR TRANSFER REQUIREMENTS
Data governance for lawful storage compliance
PIPL favors personal data stored domestically. When this is not the case, data transferred outside of the territory requires additional security assessments and specific user consent. To handle this, Transcend auto-populates your Data Inventory, including DPAs and entity locations, so your team has easy visibility into where and how much data is collected and transferred.
COMPLIANCE WITHOUT COMPLEXITY
Engineered to enable efficient operations and seamless compliance.
Consent
California requires businesses to recognize and honor all opt-out requests, including those from privacy signals like GPC. Transcend goes beyond basic compliance and ensures user opt outs are propagated downstream by automatically appending platform-specific flags like Facebook’s LDU and Google’s RDP.