ISACA Helps Enterprises Navigate China’s Personal Information Protection Law in New Resource

SCHAUMBURG, Ill.--(BUSINESS WIRE)--China’s Personal Information Protection Law (PIPL) recently went into effect, with potential consequences for enterprises around the world. A new complimentary white paper from ISACA, Insights Into China’s Personal Information Protection Law, explains the key concepts of this new law, provides in-depth information on processing requirements, and explores the complex topic of cross-border data transfer protocols under the PIPL.

The PIPL is the first comprehensive and specialized legislation regarding personal information protection in China. Previously, personal information protection requirements were distributed across several laws, including the Cybersecurity Law (CSL), the Civil Code of the People's Republic of China, and the Data Security Law (DSL). While the PIPL is focused on China, it is applicable not only within the territory of the People’s Republic of China (PRC) but also beyond its borders.

This means that PIPL compliance has become critical for many enterprises around the world since China’s law took effect on 1 November 2021. The white paper outlines a PIPL-related task list for enterprises that need to comply, including:

1. Identify personal information and personal sensitive information.
2. Take sufficient protection measures.
3. Notify individuals of additional information, including the necessity of processing personal data and its impact on individuals.
4. Obtain separate consent and, if necessary, written consent.
5. Conduct a security impact assessment.

ISACA’s white paper also discusses how the PIPL applies to all sectors, all types of enterprises (including government agencies) and most processing activities, and compares China’s PIPL to the European General Data Protection Regulation (GDPR) and the US National Institute of Standards and Technology (NIST) Privacy Framework.

“Today, enterprises must be well versed in a complex set of privacy regulations across many countries, regions and sectors,” says Safia Kazi, Privacy Professional Practices Principal at ISACA. “China's Personal Information Protection Law has far-reaching impacts and organizations across the globe will need to pay attention to how is enforced and ensure they are complying.”

ISACA has additional privacy resources, including its recent Privacy in Practice 2022 survey report and Privacy by Design and Default: A Primer book.

To download a complimentary copy of the Insights Into China’s Personal Information Protection Law white paper, visit https://store.isaca.org/s/store#/store/browse/detail/a2S4w000005FJgmEAG.

About ISACA

For more than 50 years, ISACA^® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.