How to prepare for China’s PIPL


A simple checklist to help you prepare for the China’s Personal Information Protection Law

This article outlines the summary of the new law, and highlights the potential impacts for multinational companies and any companies doing business in China. Finally, there is a simple checklist at the end of the article to help the readers do a self-assessment and determine whether further actions need to be taken by their companies.




Overview of the PIPL

1. Scope

Similar to the General Data Protection Regulation (GDPR), the PIPL will have an extraterritorial effect if processing, outside of China, of personal information of natural persons who are in China, if such processing is:

a. for the purpose of providing products or services to natural persons in China;

b. to analyse/evaluate the behaviour of natural persons in China; or

c. other circumstances prescribed by laws and administrative regulations.

Previously, exterritorial jurisdiction was only provided in draft regulations and national guidelines did not have a binding effect. For the first time, the PIPL explicitly specifies the broad reach of its purported exterritorial jurisdiction.

That means, having your own legal entity or appointed an individual contact point inside of China will be a mandatory requirement for processing or transferring Personal Information outside of China.

2. Consent

The PIPL clearly stated the consent letter should include:

1. Data processor’s name and contact

2. The purpose, method of processing the data, and the type, storage of personal data

3. Methods and procedures for individuals to exercise their rights under PIPL

And the withdrawal of the consent should be accepted if the data subject is no longer willing to share the personal information.

3. Processing of sensitive personal information

The sensitive personal information may include bio identity, religion, special identity, medical information, financial account, whereabouts etc. and information of an individual under 14-year-old.

Personal information processors can process sensitive personal information only when they have a specific purpose and sufficient necessity and take strict protective measures.

4. De-identification & Anonymization

De-identification refers to the process in which personal information is processed so that it cannot identify a specific natural person without the help of additional information.

Anonymization refers to the process in which personal information cannot be identified and cannot be restored after processing.

Your PIPL Checklist

1. Does your current data provider has their own legal entity or have appointed a dedicated representative in China?

2. Does the current consent form you are using applies to the PIPL requirement?

3. Does your current process involved sensitive personal data processing?

4. Does your data provider follow the rules of De-identification & Anonymization? e.g. Masking the data, allowing deletion of data upon request, etc.

5. Other actions may be required: Cyberspace Administration of China (CAC)’s standard contract may need to be signed.

AsiaVerify is a RegTech company, incorporated in Singapore, focused on building an automated, simplified and streamlined solution for risk mitigation and compliance systems in an effort to increase trust and safety when you are doing business in Asia. AsiaVerify provides an online platform with access to the most legally authoritative and compliant sources, to instantly verify businesses, customers and shareholders, fully translated in real-time.

To know more about another new law in China, the Data Security Law, please click here.


To find out more about the PIPL and how it will impact your business or the solutions AsiaVerify offers, please


contact us

Asiaverify 02

AsiaVerify wins prestigious SFF Global FinTech Award, presented by Monetary Authority of Singapore

read article >

Alibaba Cloud Partnership

AsiaVerify and Alibaba Cloud Form Partnership

read article >


Compliance in a Brave New Regulated World

Whilst the Global Financial Crisis occurred over 14 years ago now, the crisis created many expected and unexpected flow-on effects that continue to be felt today.

read article >

Joanna Wands Profile

AsiaVerify is pleased to introduce Joanna Wands, aka Mirabel

Mirabel has over 15 years of experience in RegTech, working with companies across EMEA and APAC to implement solutions that manage compliance risks and improve business processes. She is passionate about financial crime prevention and focuses on helping businesses better understand who they are working with in Asian markets

read article >


You’re invited! Join us as we unveil the next evolution in UBO!

Friday 8 July 4pm SGT


• Expert roundtable - ‘Breaking the chains of complex corporate ownership’

• Get a first look at the biggest game-change in APAC UBO

• Our ultimate 'Fraud-Fighter' revealed

• Plus Cash & Tech prizes