The Top 10  Most Difficult Countries for Identity Verification

The Top 10  Most Difficult Countries for Identity Verification

Download Report

    n-img-roi-cross

    Before You Go, Schedule Your Free Demo Today

    Valid Invalid number


    Note: Fields marked with an asterisk(*) are mandatory.

    n-exit-img-roi-cross

    Thank you for your demo request

    We appreciate your interest and look forward to discussing how our solution can meet your needs. Expect to hear from us shortly with scheduling details.

    Close

    us

    52.167.144.230

    China’s Data Protection and Privacy Laws | 2023 Update

    b-img-china

    China has witnessed massive growth in the last few decades. However, the rise of the digital economy comes with its own challenges, compromising individuals’ privacy and damaging business reputation. Russia topped the list of countries with the maximum number of accounts breached (104.8 million) in 2022, and China ranked second with 34 million accounts exposed in the examined year. In response to the surge in data breaches, China has enforced data protection and privacy laws to protect citizens’ confidential data. 

    An Overview of China’s Regulatory Framework

    China promulgated and implemented the Data Security Law (DSL) and Personal Information Protection Law (PIPL) in 2021, together with the Cybersecurity Law that was implemented in 2017. The three aforementioned laws comprise the legal framework for managing data in the country. The Cybersecurity Law and Data Security Law focus on protecting public interests and national security. However, the PIPL safeguards individuals’ rights and interests whilst processing confidential details.

    Under the aforementioned regulatory framework, several regulatory bodies and legislative departments have issued implementation requirements. Moreover, industry-specific regulations are revised, and national standards are set to provide practical guidance. For instance, the Cybersecurity Review Measures were declared on January 4, 2022, and were implemented on February 15, 2022. Thus, the regulatory framework for managing data has taken shape with the evolving privacy laws and establishment of practical guidance. 

    Suggested Read: China’s AML Framework and Regulatory Highlights of 2022

    Main Regulator for Data Protection

    In China, no single governing body or organisation is tasked with ensuring adherence to data protection laws. However, the regulatory bodies in charge of protecting confidential data under the PIPL include the Cyberspace Administration of China (CAC), relevant departments under the State Council, relevant provincial cyberspace administrations, and county-level or higher local government departments. In practice, the police are primarily responsible for carrying out practical enforcement, imposing administrative penalties and other crimes related to privacy breaches. 

    Designated regulatory authorities will supervise sector-specific compliance. These industry-specific supervisory bodies include, but aren’t limited to: 

    If the data processing is related to China’s national security, the following bodies might assess the security based on the type of case.

    • Ministry of State Security (MSS)
    • China Securities Regulatory Commission (CSRC)
    • Ministry of Finance (MOF)
    • State Cipher Code Administration (SCCA)
    • Ministry of Commerce (MOC)
    • National Radio and Television Administration (NRTA)

    Suggested Read: China Pledges “ZERO TOLERANCE” for Financial Fraud

    Central Powers and their Responsibilities

    Government agencies in charge of overseeing particular sectors are also tasked with monitoring adherence to data protection-related obligations within those sectors. The pertinent regulators oversee the relevant activity in their respective businesses.

    Here are some of the central powers and their duties: 

    • The CAC oversees extensive planning, coordination, supervision, and personal data protection work management.
    • The pertinent State Council departments are tasked with protecting, supervising, and managing personal information within the respective scope.
    • The relevant department of the country’s national and higher governments are responsible for protecting, supervising, and managing personal information according to pertinent provisions at the state levels.
    • The MPS holds responsibility for overseeing and managing the security and testing of public information systems to regulate defined cybersecurity protection and punish cybercrime.
    • The MIIT is irresponsible in monitoring the cybersecurity of internet companies and telecommunications.
    • The CBIRC is in charge of ensuring that banks and other financial firms comply with data protection laws.
    • The NHFPC is tasked with supervising compliance by medical institutions.
    • The NMPA ensures that medical and healthcare products comply with China’s privacy laws.
    • SAMR oversees data compliance in the consumer sector. 

    Suggested Read: China’S Data Security and Personal Information Protection Laws [2022]

    China Privacy Laws (2023 Update)

    The CAC published the final version of the Measures for the Standard Contract for Cross-border Transfer of Personal Information” (the Measures) and the Standard Contractual Clauses for Cross-border Transfer of Personal Information” specified in the Personal Information Protection Law (PIPL SCCs) on February 22, 2023. Both the measures and (PIPL SCCs will take effect on June 1, 2023. The PIPL SCCs can transfer personal data outside China without undergoing a security assessment under the country’s PIPL.

    China’s six-month grace period that gave businesses time to comply with the security assessment standards stated in the PIPL and the Measures expired on March 1, 2023. Only two businesses have officially gotten approval from the CAC to send data across borders. One was for a collaborative research project between a Chinese hospital and a Dutch medical facility, while the other was from a Chinese state-owned airline. International business applications have not received approval yet.

    The State Council of China revealed plans on March 7, 2023, to merge the country’s privacy functions into a single National Data Bureau to resolve the anomalies in managing China’s data and security regulations.

    Where Does Shufti Step in?

    Shufti is GDPR compliant KYC solution provider that offers privacy and protects citizens’ Personally Identifiable Information (PII). Businesses operating in China need to invest in the KYC solution to abide by international and national standards and evolving regulations. As a result, this prevents them from paying hefty fines and reduces the risk of data breaches and other crimes in this age of digitisation.

    Learn how a KYC solution helps your business abide by privacy laws and avoid heavy penalties. 

    b-banner-IDV in Ensuring Secure Gaming
    Talk to us

    Related Posts

    Blog

    Proof of Address Verification in 2025: Complete Guide to Compliance, Risk & Shufti Insights

    1. 2025 Snapshot: Why Proof of Address Matters More Than Ever In 2025, proof of address (PoA) has...

    Proof of Address Verification in 2025: Complete Guide to Compliance, Risk & Shufti Insights Explore More

    Blog

    Face ID Checks in 2025 – The Ultimate Guide to Protecting Your Business Against Identity Theft with Shufti

    Identity theft losses soared to $12.5 billion in 2024, jumping 25 percent year‑on‑year, while ide...

    Face ID Checks in 2025 – The Ultimate Guide to Protecting Your Business Against Identity Theft with Shufti Explore More

    Blog

    Biometric Authentication – How Fraudsters Try to Bypass in 2025 —and How Shufti Stops Them

    Biometric authentication is no longer a nice‑to‑have. Deepfake toolkits are available for less th...

    Biometric Authentication – How Fraudsters Try to Bypass in 2025 —and How Shufti Stops Them Explore More

    Blog

    Top 7 Trends Shaping the Future of the U.S. Gambling Industry in 2025

    Introduction 2024 was the fourth consecutive record‑breaking year for U.S. commercial gaming, wit...

    Top 7 Trends Shaping the Future of the U.S. Gambling Industry in 2025 Explore More

    Blog

    Intelligent Character Recognition (ICR) 2025: One Step Ahead of OCR

    ICR is shifting from a “nice‑to‑have” to a regulatory requirement. With the EU AI Act entering fo...

    Intelligent Character Recognition (ICR) 2025: One Step Ahead of OCR Explore More

    Blog

    Built for the Threat Ahead: How Shufti Delivers Deepfake Defense 

    From novelty to weapon, deepfakes have seen a surge in accessibility and complexity and, for unpr...

    Built for the Threat Ahead: How Shufti Delivers Deepfake Defense  Explore More

    Blog

    Who’s Really Signing Up? The Hidden Risks Behind iGaming Growth

    Games of chance and wagering money have a long and illustrious history around the world, from ear...

    Who’s Really Signing Up? The Hidden Risks Behind iGaming Growth Explore More

    Blog

    When Compliance Changes Fast, How Can Growth-Stage Companies Keep Up?

    Growth-stage companies face a unique challenge: as their operations expand and regulations evolve...

    When Compliance Changes Fast, How Can Growth-Stage Companies Keep Up? Explore More

    Blog

    Proof of Address Verification in 2025: Complete Guide to Compliance, Risk & Shufti Insights

    1. 2025 Snapshot: Why Proof of Address Matters More Than Ever In 2025, proof of address (PoA) has...

    Proof of Address Verification in 2025: Complete Guide to Compliance, Risk & Shufti Insights Explore More

    Blog

    Face ID Checks in 2025 – The Ultimate Guide to Protecting Your Business Against Identity Theft with Shufti

    Identity theft losses soared to $12.5 billion in 2024, jumping 25 percent year‑on‑year, while ide...

    Face ID Checks in 2025 – The Ultimate Guide to Protecting Your Business Against Identity Theft with Shufti Explore More

    Blog

    Biometric Authentication – How Fraudsters Try to Bypass in 2025 —and How Shufti Stops Them

    Biometric authentication is no longer a nice‑to‑have. Deepfake toolkits are available for less th...

    Biometric Authentication – How Fraudsters Try to Bypass in 2025 —and How Shufti Stops Them Explore More

    Blog

    Top 7 Trends Shaping the Future of the U.S. Gambling Industry in 2025

    Introduction 2024 was the fourth consecutive record‑breaking year for U.S. commercial gaming, wit...

    Top 7 Trends Shaping the Future of the U.S. Gambling Industry in 2025 Explore More

    Blog

    Intelligent Character Recognition (ICR) 2025: One Step Ahead of OCR

    ICR is shifting from a “nice‑to‑have” to a regulatory requirement. With the EU AI Act entering fo...

    Intelligent Character Recognition (ICR) 2025: One Step Ahead of OCR Explore More

    Blog

    Built for the Threat Ahead: How Shufti Delivers Deepfake Defense 

    From novelty to weapon, deepfakes have seen a surge in accessibility and complexity and, for unpr...

    Built for the Threat Ahead: How Shufti Delivers Deepfake Defense  Explore More

    Blog

    Who’s Really Signing Up? The Hidden Risks Behind iGaming Growth

    Games of chance and wagering money have a long and illustrious history around the world, from ear...

    Who’s Really Signing Up? The Hidden Risks Behind iGaming Growth Explore More

    Blog

    When Compliance Changes Fast, How Can Growth-Stage Companies Keep Up?

    Growth-stage companies face a unique challenge: as their operations expand and regulations evolve...

    When Compliance Changes Fast, How Can Growth-Stage Companies Keep Up? Explore More

    Take the next steps to better security.

    Contact us

    Get in touch with our experts. We'll help you find the perfect solution for your compliance and security needs.

    Contact us

    Request demo

    Get free access to our platform and try our products today.

    Get started