Written by
Eileen Yu, Contributor
Eileen Yu
Contributor
Eileen Yu began covering the IT industry when Asynchronous Transfer Mode was still hip and e-commerce was the new buzzword. Currently an independent business technology journalist and content specialist based in Singapore, she has over 20 years of industry experience with various publications including ZDNet, IDG, and Singapore Press Holdings.
Full Bio
Posted in By The Way
on December 25, 2021
| Topic: Security
International businesses that process information from China should obtain user consent and establish a data map, so they do not run afoul of the country’s Personal Information Protection Law (PIPL). Specifically, they should look closely at cross-border data flow and residency, even as more clarity still is needed on some components in the new legislation.
Organisations that already are set up to comply with Europe’s General Data Protection Regulation (GDPR), though, have a good foundation on which to work towards PIPL adherence.
Passed in August, the Chinese legislation came into force last month, laying out ground rules around how data should be collected, used, and stored. It outlines data processing requirements for companies based outside of China, which included passing a security assessment conducted by state authorities.
Multinational corporations (MNCs) that move personal information of the country also will have to obtain certification on data protection from professional institutions. The Chinese government described the legislation as necessary to address the “chaos” created, in which online platforms had been excessively collecting personal data.
China
|
Security TV
|
Data Management
|
CXO
|
Data Centers