China Unveils The Draft Of The New Personal Data Protection Law

China’s economy has prospered during the last years. There are over 900 million internationals in China. According to Beijing authorities, China has clear legal provisions to protect the rights and legal interests of the citizens and organizations, including the personal data.

Wang Yi, China’s Foreign Minister stated that China is currently witnessing a new round of technological revolution and industrial transformation.

The draft of the new PDPL (Personal Data Protection Law) launched by China is inspired by the GDPR (The General Data Protection Regulation), it contains 70 articles and includes data protection principles such as ”transparency, fairness, purpose limitation, data minimization, limited retention, data accuracy and accountability.”

Under the PDPL, organizations outside of China will need to appoint a representative in China and ”report relevant information of their domestic organization or representative to Chinese regulators.”

Compared to GDPR, PDPL does not differentiate between data controller and data processor but assigns responsibility and demands compliance to the ‘’personal data processor’’ which, within this new regulation can be organizations or individuals which are handling personal data and have the ability to determine the scope of processing.

The law places a special emphasis on the obtaining consent as the only legal basis for the processing of personal data. This must be clear, freely expressed by the data subjects. Moreover, PDPL will request the obtaining of a separate consent when processing sensitive data such as data on ethnicity, religious beliefs, personal information of minors under the age of 14.

Once it is promulgated, a separate consent of the data subject will also be required regarding the cross-border transfer of personal data.

Similar to GDPR, the PDPL aims to increase the protection of the citizens’ data and provides several methods of security management, such as periodic compliance audits, risk assessments, periodic training of employees etc.


Need help?

Sovy’s GDPR Essentials can help you get compliant and stay compliant with our suite of on-line tools and services, including:

  • eLearning for GDPR and CyberSecurity
  • Cookie Consent Manager with data rights access requests
  • Privacy Policy Builder
  • Records of Data Processing

We also offer Advisory Services for additional support to address your company’s needs


Find out more about how the Sovy GDPR Privacy Essentials can help you or get in touch with Sovy for more information.