As China toughens its stand on Big Tech and international companies, the new Personal Information Protection Law (PIPL) law now requires global businesses that process information from China to obtain user consent and establish a data map.

The Chinese legislation, which came into force last month, outlines data processing requirements for companies based outside of China, which included”passing a security assessment conducted by state authorities”, reports ZDNet.

“Multinational corporations (MNCs) that move personal information of the country also will have to obtain certification on data protection from professional institutions,” said Eileen Yu, a contributor to the media outlet.

China is amid a large-scale crackdown on big tech companies both those from the US and its native giants. Designed like a Chinese data-protection law, it introduces a range of regulations about how data can be collected and stored, with the threat of potentially massive fines of up to 5 percent of a company’s annual turnover.

The Chinese government has described the legislation as necessary to address the “chaos” created, in which online platforms had been excessively collecting personal data. Like the EU’s General Data Protection Regulation (GDPR), “companies would need to obtain consent before collecting and using data from customers under PIPL” However, the Chinese law does not include legitimate interests or purposes as a condition for data processing, while GDPR does. 


“The exclusion of legitimate purposes could mean that MNCs would have to seek the consent of all employees in China if they had not already done so before their HR departments were permitted to process the employee’s info motion,” the report noted. 

According to the new Chinese data protection law, violators that fail to comply with orders to rectify the breach will face fines of up to 1 million yuan ($150,000), while the person responsible for ensuring compliance can be fined between 10,000 yuan ($1,500) and 100,000 yuan ($15,000). 

For “serious” cases, Chinese authorities also dish out fines of up to 50 million yuan ($7.5 million) or 5 percent of the company’s annual turnover for the previous fiscal year, according to the report. A few global firms, that still have operations in China, are leaving the country after the new personal data law came into force.