
Personal Information Protection Law Compliance Check Tool
Assess your organization's compliance with China's Personal Information Protection Law (PIPL). This tool evaluates consent mechanisms, cross-border transfers, data localization, sensitive data handling, and CAC security assessment requirements.
The Personal Information Protection Law (个人信息保护法) is China's comprehensive data protection law, effective November 1, 2021. It establishes strict requirements for collecting, processing, and transferring personal information, with extraterritorial reach to foreign organizations processing Chinese citizens' data.
Legal Basis and Consent • Lawful processing requirements
Do you obtain voluntary, explicit consent before collecting personal information?
Do you obtain separate consent for processing sensitive personal information?
Can individuals withdraw consent easily and at any time?
Individual Rights • Data subject rights
Do you provide mechanisms for individuals to access their personal information?
Can individuals request correction or deletion of their data?
Do you support data portability requests to transfer data to other processors?
Cross-Border Data Transfer • International transfer requirements
Do you conduct Personal Information Protection Impact Assessments (PIPIA) before cross-border transfers?
Have you undergone CAC security assessment for cross-border transfers (if required)?
Do you use CAC-approved standard contractual clauses for international transfers?
Data Localization • Domestic storage requirements
Do you store personal information collected in China domestically (if you are a critical information infrastructure operator (CIIO) or the threshold is met)?
Sensitive Personal Information • Enhanced protection requirements
Have you identified sensitive personal information (biometrics, health, finance, minors' data)?
Do you only process sensitive PI when strictly necessary and inform individuals of necessity?
For minors under 14, do you obtain parental/guardian consent?
Security Measures • Technical and organizational safeguards
Do you implement encryption and de-identification for personal information protection?
Do you have access controls and staff authorization procedures?
Do you conduct regular security audits and assessments?
Incident Response • Breach notification obligations
Do you have a documented data breach response plan?
Can you promptly notify authorities and affected individuals of security incidents?
Governance and Data Protection Officer • Organizational requirements
Have you designated a person responsible for personal information protection (if processing large volumes)?
Do you maintain records of processing activities?
Do you provide staff training on PIPL compliance?
If you are a foreign entity, have you established a local representative or entity in China?
Our consultants help organizations navigate PIPL requirements including cross-border transfer mechanisms, CAC security assessments, and data localization. We serve clients operating in or with China.
The Personal Information Protection Law (PIPL/个人信息保护法), effective November 1, 2021, is China's comprehensive data protection framework. Often compared to GDPR, PIPL establishes strict requirements for processing personal information and has significant extraterritorial reach, applying to foreign organizations that process Chinese citizens' data for the purpose of providing products/services to China or analyzing their behavior.
Penalties under PIPL are among the strictest globally: up to 50 million RMB or 5% of annual revenue for serious violations, business suspension, license revocation, and personal liability for responsible individuals (fines of 100,000-1,000,000 RMB and prohibition from management positions).