The Top 10  Most Difficult Countries for Identity Verification

The Top 10  Most Difficult Countries for Identity Verification

Download Report

    n-img-roi-cross

    Before You Go, Schedule Your Free Demo Today

    Valid Invalid number


    Note: Fields marked with an asterisk(*) are mandatory.

    n-exit-img-roi-cross

    Thank you for your demo request

    We appreciate your interest and look forward to discussing how our solution can meet your needs. Expect to hear from us shortly with scheduling details.

    Close

    us

    2a03:2880:f800:e::

    China’s New Data Security and Personal Information Protection Laws [2022 Update]

    b-img-china

    For the purpose of identification, interdiction, and prevention, many governments, regulators, and businesses are collaborating to draw a distinction between fraud and financial crime. However, the boundaries are blurring, since the cyber threats are on the continuous rise, which is uncovering the extent to which online criminal activities have become interrelated and more complex. Due to this, a large number of well-established businesses are under the stress of cybercrimes, particularly, data breaches. 

    Like other countries across the world, China is also experiencing digitization. However, with the advent of digital file transfer and cloud storage by industries, data breaches, and identity theft crimes are occurring at a fairly high rate. Thus, there was a total of $6 trillion loss in cybercrimes globally in 2021. Thus, the government of China has come up with two new laws associated with data security and personal information protection which was legislated in the fall of 2021, aimed to provide a comprehensive approach to enhance data security, cybersecurity, and individual privacy.

    Insights into Cyber Security and Data Protection laws in China

    In recent years, China’s data protection and customer privacy regulation regime has been enhanced periodically to eliminate the risk of data breaches and identity theft. The Personal Information Protection Law (PIPL) became part of the ever-evolving regime on 1 November 2021 and is considered the country’s first comprehensive data protection law. The rule regulates the use of Personally Identifiable Information (PII) by individuals as well as businesses within the China boundaries. In addition to this, two other laws, regarding cybersecurity and data protection compliance, Cybersecurity Law (CSL) and Data Security Law (DSL) respectively.

    Other than these laws, The Civil Code of the People’s Republic of China (The Civil Code) was also legislated in the first half of 2021 that provided the true rights of personal information protection and privacy. It was also made mandatory for every business to streamline its operation with these laws. However, under the Civil Code, a completely new era of data protection and privacy started. Meanwhile, the same patterns of amendments and emergence of new cybersecurity guidelines are also expected in 2022. Moreover, there are also specific standards and guidelines for industries such as finance, healthcare, and so on.

    b-img-breach

    New China’s Data Security and Personal Information Laws

    In accordance with the Data Security Law (DSL), a rigid framework is developed that classifies PII gathered and stored in China, based on its potential impact on the country’s national security. It also governs the storage and transfer depending on the classification level. However, this law is legislated as a response to the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act). 

    Categories of Data

    “Core data” under this law is comprehensively defined as any kind of data that can impact Chinese national and economic security, public welfare, or interest requires a maximum degree of guidelines and protection. “Important data” is the next highly sensitive level of data, but its scope is left undefined, as the national, regional, and designated authorities are expected to issue their own catalogs regarding important data.

    Thus, data security laws imply that all the businesses operating in China need to collect and process and store customer data.

    Localization and Transfer of Data

    The DSL widens and clarifies data localization and transfer standards for “core” and “important” data yet for certain types of businesses that handle sensitive data. For instance, critical information infrastructure operators (CIIOs), that oversee the data dealing with infrastructure, informational networks, and natural resources must assure that data was generated and stored within China. Moreover, a rigid set of security self-assessment checks needs to be conducted before sending data out of the country. In addition to this, the DSL also directs some additional standards and regulations that must be developed for non-CIIOs.

    Downstream Data Handlers

    The DSL also expands the scope of regulation, like initial data collectors, downstream  “intermediary service” that uses sensitive data for commercial purposes also need to be governed strictly. Thus, these downstream data handlers are obliged to verify the true identities of the parties before a data transaction is made, along with managing the transaction records. Therefore, in case data handlers fail to comply with DSL may face a regulatory fine of RMB 2 million, cancellation of business licenses, and an immediate shutdown of operations.

    Data Security

    The DSL mandates the businesses and financial institutions that are operating in China to establish and enhance the data security systems. On another hand, in case the shortcomings in the system are detected, instant remedial measures need to be taken along with notifying the customers, as well as regulatory bodies regarding the data breaches if it happens. However, if the companies handing information of at least “important data” are obliged to onboard security officers that would be responsible for securing data and submitting the risk assessment reports to the PRC authorities.

    An institution that fails to meet the regulatory obligation and to secure customer data may face a hefty fine up to RMB 500,000, and if companies fail to improve their systems that resulted in data leaks may face fines up to RMB 2 million.

    The Personal Information Protection Law

    The personal information protection law (PIPL) is considered China’s first detailed law that governs PII protection and is developed after the EU has come up with General Data Protection Regulation.

    “Personal Information” is broadly defined to cover “any information related to identified or identifiable natural persons stored in electronic or any other format.” So long as the information is “related to identified or identifiable natural persons,” even if there is not sufficient data for identification, the PIPL still applies.

    The law is applicable to all types of data activities, for instance, storage, gathering, deletion, processing, etc.) involving the PII subjects in China along with the activities that are happening outside the country, yet aimed to provide services to the Chinese public. Non-compliant with the PIPL regulations could face a fine of RMB 50 million, 5% of the business’s yearly revenue, and all illegal gains would be seized.

    Consent Requirements

    Before gathering or handling PII, a data handle needs to get clear consent from the person whose information is to be obtained. Data handles that are collecting sensitive personal information – a data category that includes data subject, biometrics, religious beliefs, finances, location, and children’s details along with the purpose of data collection, aim to fulfill the PIPL requirements.

    Data Localization and Data Deletion Requirements

    In case, if the volume of PII collected or handled by the respective handler exceeds the certain described thresholds, data localization requirements could be triggered, and the data handle will additionally be required to onboard an information protection officer to oversee the whole handling and protection procedure. Other than this, they are also required to delete the collected information, once the purpose is fulfilled. When the data no longer serves its purpose, the retention period automatically expires. Thus, data must be deleted, before it gets into the wrong hands.

    Restrictions on Transfer of Personal Information to Third Parties and Overseas

    Before transferring the personal information to the third parties, either within China or across the border, the data subject’s detailed consent must be obtained and the recipient should ensure that the PII is used as per the terms and conditions of the consent.

    For international transfers, the data handler needs to be utmost assured that the recipient has a rigid data protection system in places where their operations are aligned with the PIPL regulations. However, depending upon the classification of the data additional requirements may also apply.

    General Compliance Requirements

    To fulfill PIPL requirements, companies need to conduct regular self-assessments and audits in order to determine the information security risk and take necessary steps to enhance control systems. However, if the company qualifies as a  “major internet service platform”  more strict rules may be applied. In addition to this, companies that are using algorithms and automated decision-making functions to analyze personal information must abide by the transparency principle as per PIPL laws.

    How Shufti Can Help

    Shufti’s state-of-the-art identity verification services are embedded with all the features that can help data handlers to stay put with the regulatory obligations while ensuring that the customer’s data remain un-breachable. Businesses opting for robust identity verification solutions can overcome sanctions and fines for being non-compliant.

    Following are the key benefits of Shufti’s ID verification services;

    1. Determines the real identity of the customers in less than a second
    2. Generate results with 98.76% accuracy
    3. Screenings the customers against 1700+ global watch lists
    4. Helps to stay put with the regulatory obligations and secures businesses from sanctions

    Want to learn more about ID verification services for businesses?

    Related Posts

    Blog

    Proof of Address Verification in 2025: Complete Guide to Compliance, Risk & Shufti Insights

    1. 2025 Snapshot: Why Proof of Address Matters More Than Ever In 2025, proof of address (PoA) has...

    Proof of Address Verification in 2025: Complete Guide to Compliance, Risk & Shufti Insights Explore More

    Blog

    Face ID Checks in 2025 – The Ultimate Guide to Protecting Your Business Against Identity Theft with Shufti

    Identity theft losses soared to $12.5 billion in 2024, jumping 25 percent year‑on‑year, while ide...

    Face ID Checks in 2025 – The Ultimate Guide to Protecting Your Business Against Identity Theft with Shufti Explore More

    Blog

    Biometric Authentication – How Fraudsters Try to Bypass in 2025 —and How Shufti Stops Them

    Biometric authentication is no longer a nice‑to‑have. Deepfake toolkits are available for less th...

    Biometric Authentication – How Fraudsters Try to Bypass in 2025 —and How Shufti Stops Them Explore More

    Blog

    Top 7 Trends Shaping the Future of the U.S. Gambling Industry in 2025

    Introduction 2024 was the fourth consecutive record‑breaking year for U.S. commercial gaming, wit...

    Top 7 Trends Shaping the Future of the U.S. Gambling Industry in 2025 Explore More

    Blog

    Intelligent Character Recognition (ICR) 2025: One Step Ahead of OCR

    ICR is shifting from a “nice‑to‑have” to a regulatory requirement. With the EU AI Act entering fo...

    Intelligent Character Recognition (ICR) 2025: One Step Ahead of OCR Explore More

    Blog

    Built for the Threat Ahead: How Shufti Delivers Deepfake Defense 

    From novelty to weapon, deepfakes have seen a surge in accessibility and complexity and, for unpr...

    Built for the Threat Ahead: How Shufti Delivers Deepfake Defense  Explore More

    Blog

    Who’s Really Signing Up? The Hidden Risks Behind iGaming Growth

    Games of chance and wagering money have a long and illustrious history around the world, from ear...

    Who’s Really Signing Up? The Hidden Risks Behind iGaming Growth Explore More

    Blog

    When Compliance Changes Fast, How Can Growth-Stage Companies Keep Up?

    Growth-stage companies face a unique challenge: as their operations expand and regulations evolve...

    When Compliance Changes Fast, How Can Growth-Stage Companies Keep Up? Explore More

    Blog

    Proof of Address Verification in 2025: Complete Guide to Compliance, Risk & Shufti Insights

    1. 2025 Snapshot: Why Proof of Address Matters More Than Ever In 2025, proof of address (PoA) has...

    Proof of Address Verification in 2025: Complete Guide to Compliance, Risk & Shufti Insights Explore More

    Blog

    Face ID Checks in 2025 – The Ultimate Guide to Protecting Your Business Against Identity Theft with Shufti

    Identity theft losses soared to $12.5 billion in 2024, jumping 25 percent year‑on‑year, while ide...

    Face ID Checks in 2025 – The Ultimate Guide to Protecting Your Business Against Identity Theft with Shufti Explore More

    Blog

    Biometric Authentication – How Fraudsters Try to Bypass in 2025 —and How Shufti Stops Them

    Biometric authentication is no longer a nice‑to‑have. Deepfake toolkits are available for less th...

    Biometric Authentication – How Fraudsters Try to Bypass in 2025 —and How Shufti Stops Them Explore More

    Blog

    Top 7 Trends Shaping the Future of the U.S. Gambling Industry in 2025

    Introduction 2024 was the fourth consecutive record‑breaking year for U.S. commercial gaming, wit...

    Top 7 Trends Shaping the Future of the U.S. Gambling Industry in 2025 Explore More

    Blog

    Intelligent Character Recognition (ICR) 2025: One Step Ahead of OCR

    ICR is shifting from a “nice‑to‑have” to a regulatory requirement. With the EU AI Act entering fo...

    Intelligent Character Recognition (ICR) 2025: One Step Ahead of OCR Explore More

    Blog

    Built for the Threat Ahead: How Shufti Delivers Deepfake Defense 

    From novelty to weapon, deepfakes have seen a surge in accessibility and complexity and, for unpr...

    Built for the Threat Ahead: How Shufti Delivers Deepfake Defense  Explore More

    Blog

    Who’s Really Signing Up? The Hidden Risks Behind iGaming Growth

    Games of chance and wagering money have a long and illustrious history around the world, from ear...

    Who’s Really Signing Up? The Hidden Risks Behind iGaming Growth Explore More

    Blog

    When Compliance Changes Fast, How Can Growth-Stage Companies Keep Up?

    Growth-stage companies face a unique challenge: as their operations expand and regulations evolve...

    When Compliance Changes Fast, How Can Growth-Stage Companies Keep Up? Explore More

    Take the next steps to better security.

    Contact us

    Get in touch with our experts. We'll help you find the perfect solution for your compliance and security needs.

    Contact us

    Request demo

    Get free access to our platform and try our products today.

    Get started