Current Events News

1 Min

DataGuard News – Data protection in China

Boris Otterbach
Boris Otterbach

Principal Privacy

From 1 November, the People's Republic of China will introduce its first comprehensive data protection law. The Personal Information Protection Law (PIPL) will then apply to all companies operating in China – being an important trading partner and market, also for UK companies. The law adopts some of the principles of the European and UK GDPR. A brief overview of what needs to be considered now

PIPL vs. DSGVO: the similarities 

The PIPL is intended to minimise data misuse by large tech and internet companies in China. It focusses primarily on one important aspect that should sound familiar for those who understand the GDPR: the explicit consent of data subjects to the processing of their data. According to PIPL, companies who process personal data in China will have to obtain consent, among other things, if they want to collect, store or process personal data. In this context, companies must inform data subjects about the purpose and methods of their data collection. 

PIPL vs. GDPR: the differences 

There are already clear gaps in the PIPL: for example, essential data subject rights such as the right to erasure are completely missing. Here, further alignment with the UK law would be desirable. Just like the GDPR, the scope of application of the PIPL does not cover state bodies – with the difference that the Chinese law lacks a reference to the powers of these bodies (as in Article 2, UK GDPR). 

Do I need to take action? 

Find out what the new law specifically means for you. For example, the PIPL refers in particular to advertising and tracking – industrial groups that merely purchase raw materials from China are therefore less affected than app and software developers or platform operators. As far as implementation is concerned, you will probably already be familiar with some things from the last 2-3 years of GDPR. Use your experience and measures already taken to guarantee a most efficient and effective implementation. 

Outlook

In summary, the following can be said about the PIPL: In principle, no matter what the motivation, any form of data protection is welcome and every step in this direction is a good one – however, a more far-reaching protection would be desirable for the future, which would not only hold companies but all data-collecting bodies equally accountable. 

Sign up to our newsletter – Get practical tips and invitations to webinars and online Q&A sessions.Subscribe now

 
Originally published updated
Tags Current Events News

About the author

Boris Otterbach Boris Otterbach
Boris Otterbach

Principal Privacy

Boris Otterbach ist Jurist und zertifizierter Datenschutzbeauftragter mit über fünf Jahren Erfahrung in diesem Bereich. Bereits während seines Studiums hat er sich vertieft mit den Bereichen Europarecht, Völkerrecht und Menschenrechtsschutz beschäftigt. Dabei war auch das Thema Datenschutz ein zentraler Aspekt. Die DSGVO hilft dabei, gemeinsam europäische Rahmenbedingungen zu schaffen, damit alle denselben Schutz erfahren – und diese Rahmenbedingungen müssen mit pragmatischen, alltagsfähigen Lösungen befüllt werden. Bei DataGuard arbeitet Boris an der Entwicklung pragmatischer Lösungen für DSGVO-Schutzmaßnahmen, damit Unternehmen DSGVO-konform werden können. Die tägliche Arbeit durch mehr Automatisierung effektiver zu gestalten, treibt ihn an, bei DataGuard jeden Tag neue Herausforderungen zu meistern und sicherzustellen, dass Unternehmen aus datenschutzrechtlicher Sicht geschützt sind und neueste Technologien optimal genutzt werden. Als Berater betreute er vor allem Kunden aus den Bereichen Personalwesen, Hotel und Gastgewerbe. In seiner Rolle als Principal Professional Services bei DataGuard unterstützt er die Datenschutz- , Informationssicherheit- und Compliance- Teams mit seinem umfassenden Know-how und seiner Erfahrung, um die Menschen hinter den Daten zu schützen.

Explore more articles

Don’t miss these topics:

Related Articles

Empowering Privacy UK: What businesses can learn from the latest privacy discussions

5 Min

Empowering Privacy UK: What businesses can learn from the latest privacy discussions

Discover key takeaways from Empowering Privacy UK: practical tips on risk, DUAA, PETs and AI governance to strengthen compliance and build trust.

Read more
Not just a document: how to effectively embed privacy into product design
Data Privacy

4 Min

Not just a document: how to effectively embed privacy into product design

Discover how to embed privacy into product design—turning compliance into culture while balancing innovation, trust, and regulatory demands.

Read more
Rethinking GDPR: reform, oversight, and the role of the DPO

4 Min

Rethinking GDPR: reform, oversight, and the role of the DPO

Get expert insights on GDPR’s future as leaders debate reform, oversight, and risk-based approaches to ease compliance while strengthening data protection.

Read more
Ads personalization and regulation—let's talk about consent!

7 Min

Ads personalization and regulation—let's talk about consent!

Hear from industry experts on how you can navigate consent, personalized ads, and regulation to future-proof your digital business.

Read more
From privacy to multi-domain compliance: Takeaways from Empowering Privacy Germany

3 Min

From privacy to multi-domain compliance: Takeaways from Empowering Privacy Germany

Learn from industry experts how to break down silos and evolve compliance beyond privacy to integrate data protection, AI governance, and cybersecurity.

Read more
The future of AI in Europe: Key insights from Empowering Privacy Germany

6 Min

The future of AI in Europe: Key insights from Empowering Privacy Germany

From Munich’s EU AI Policy panel: experts urge clarity, pragmatism, and collaboration to balance AI innovation with regulation.

Read more