China Personal Information Protection Law.
China's PIPL is a comprehensive data protection law governing the processing of personal information of individuals in China, requiring consent, data localization for critical infrastructure operators, and cross-border transfer security assessments.
Maximum penalty
¥50M or 5% annual revenue
Source: Article 66
Key requirements
Consent-based processing with specific purposes
Data localization for critical infrastructure operators
Cross-border transfer security assessment by CAC
Personal Information Protection Impact Assessment
+2 more requirements in the complete guide.
Get the full PIPL compliance guide →Enforcement examples
Didi Global
Data security violations including illegal data collection
¥8.026B (~$1.2B)
2022
How Tessera automates PIPL compliance
PIPL consent management
Cross-border transfer assessment workflow
Data localization compliance monitoring
CAC security assessment documentation
PIPL compliance checklist
Essential steps to achieve and maintain PIPL compliance.
Obtain valid consent for data processing
Conduct cross-border transfer security assessment
Implement data localization where required
+2 more steps in the full checklist.
Get your complete PIPL compliance checklist - free →Industries affected
Calculate your PIPL exposure.
See exactly how PIPL penalties apply to your revenue and industry profile.