Read More about fast-id page

Shufti globally launches webinr-icon - a new kind of identity solution!

Shufti globally launches - a new kind of identity solution!

Read more

China’s New Data Security and Personal Information Protection Laws [2022 Update]

b-img-china

For the purpose of identification, interdiction, and prevention, many governments, regulators, and businesses are collaborating to draw a distinction between fraud and financial crime. However, the boundaries are blurring, since the cyber threats are on the continuous rise, which is uncovering the extent to which online criminal activities have become interrelated and more complex. Due to this, a large number of well-established businesses are under the stress of cybercrimes, particularly, data breaches. 

Like other countries across the world, China is also experiencing digitization. However, with the advent of digital file transfer and cloud storage by industries, data breaches, and identity theft crimes are occurring at a fairly high rate. Thus, there was a total of $6 trillion loss in cybercrimes globally in 2021. Thus, the government of China has come up with two new laws associated with data security and personal information protection which was legislated in the fall of 2021, aimed to provide a comprehensive approach to enhance data security, cybersecurity, and individual privacy.

Insights into Cyber Security and Data Protection laws in China

In recent years, China’s data protection and customer privacy regulation regime has been enhanced periodically to eliminate the risk of data breaches and identity theft. The Personal Information Protection Law (PIPL) became part of the ever-evolving regime on 1 November 2021 and is considered the country’s first comprehensive data protection law. The rule regulates the use of Personally Identifiable Information (PII) by individuals as well as businesses within the China boundaries. In addition to this, two other laws, regarding cybersecurity and data protection compliance, Cybersecurity Law (CSL) and Data Security Law (DSL) respectively.

Other than these laws, The Civil Code of the People’s Republic of China (The Civil Code) was also legislated in the first half of 2021 that provided the true rights of personal information protection and privacy. It was also made mandatory for every business to streamline its operation with these laws. However, under the Civil Code, a completely new era of data protection and privacy started. Meanwhile, the same patterns of amendments and emergence of new cybersecurity guidelines are also expected in 2022. Moreover, there are also specific standards and guidelines for industries such as finance, healthcare, and so on.

b-img-breach

New China’s Data Security and Personal Information Laws

In accordance with the Data Security Law (DSL), a rigid framework is developed that classifies PII gathered and stored in China, based on its potential impact on the country’s national security. It also governs the storage and transfer depending on the classification level. However, this law is legislated as a response to the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act). 

Categories of Data

“Core data” under this law is comprehensively defined as any kind of data that can impact Chinese national and economic security, public welfare, or interest requires a maximum degree of guidelines and protection. “Important data” is the next highly sensitive level of data, but its scope is left undefined, as the national, regional, and designated authorities are expected to issue their own catalogs regarding important data.

Thus, data security laws imply that all the businesses operating in China need to collect and process and store customer data.

Localization and Transfer of Data

The DSL widens and clarifies data localization and transfer standards for “core” and “important” data yet for certain types of businesses that handle sensitive data. For instance, critical information infrastructure operators (CIIOs), that oversee the data dealing with infrastructure, informational networks, and natural resources must assure that data was generated and stored within China. Moreover, a rigid set of security self-assessment checks needs to be conducted before sending data out of the country. In addition to this, the DSL also directs some additional standards and regulations that must be developed for non-CIIOs.

Downstream Data Handlers

The DSL also expands the scope of regulation, like initial data collectors, downstream  “intermediary service” that uses sensitive data for commercial purposes also need to be governed strictly. Thus, these downstream data handlers are obliged to verify the true identities of the parties before a data transaction is made, along with managing the transaction records. Therefore, in case data handlers fail to comply with DSL may face a regulatory fine of RMB 2 million, cancellation of business licenses, and an immediate shutdown of operations.

Data Security

The DSL mandates the businesses and financial institutions that are operating in China to establish and enhance the data security systems. On another hand, in case the shortcomings in the system are detected, instant remedial measures need to be taken along with notifying the customers, as well as regulatory bodies regarding the data breaches if it happens. However, if the companies handing information of at least “important data” are obliged to onboard security officers that would be responsible for securing data and submitting the risk assessment reports to the PRC authorities.

An institution that fails to meet the regulatory obligation and to secure customer data may face a hefty fine up to RMB 500,000, and if companies fail to improve their systems that resulted in data leaks may face fines up to RMB 2 million.

The Personal Information Protection Law

The personal information protection law (PIPL) is considered China’s first detailed law that governs PII protection and is developed after the EU has come up with General Data Protection Regulation.

“Personal Information” is broadly defined to cover “any information related to identified or identifiable natural persons stored in electronic or any other format.” So long as the information is “related to identified or identifiable natural persons,” even if there is not sufficient data for identification, the PIPL still applies.

The law is applicable to all types of data activities, for instance, storage, gathering, deletion, processing, etc.) involving the PII subjects in China along with the activities that are happening outside the country, yet aimed to provide services to the Chinese public. Non-compliant with the PIPL regulations could face a fine of RMB 50 million, 5% of the business’s yearly revenue, and all illegal gains would be seized.

Consent Requirements

Before gathering or handling PII, a data handle needs to get clear consent from the person whose information is to be obtained. Data handles that are collecting sensitive personal information – a data category that includes data subject, biometrics, religious beliefs, finances, location, and children’s details along with the purpose of data collection, aim to fulfill the PIPL requirements.

Data Localization and Data Deletion Requirements

In case, if the volume of PII collected or handled by the respective handler exceeds the certain described thresholds, data localization requirements could be triggered, and the data handle will additionally be required to onboard an information protection officer to oversee the whole handling and protection procedure. Other than this, they are also required to delete the collected information, once the purpose is fulfilled. When the data no longer serves its purpose, the retention period automatically expires. Thus, data must be deleted, before it gets into the wrong hands.

Restrictions on Transfer of Personal Information to Third Parties and Overseas

Before transferring the personal information to the third parties, either within China or across the border, the data subject’s detailed consent must be obtained and the recipient should ensure that the PII is used as per the terms and conditions of the consent.

For international transfers, the data handler needs to be utmost assured that the recipient has a rigid data protection system in places where their operations are aligned with the PIPL regulations. However, depending upon the classification of the data additional requirements may also apply.

General Compliance Requirements

To fulfill PIPL requirements, companies need to conduct regular self-assessments and audits in order to determine the information security risk and take necessary steps to enhance control systems. However, if the company qualifies as a  “major internet service platform”  more strict rules may be applied. In addition to this, companies that are using algorithms and automated decision-making functions to analyze personal information must abide by the transparency principle as per PIPL laws.

How Shufti Can Help

Shufti’s state-of-the-art identity verification services are embedded with all the features that can help data handlers to stay put with the regulatory obligations while ensuring that the customer’s data remain un-breachable. Businesses opting for robust identity verification solutions can overcome sanctions and fines for being non-compliant.

Following are the key benefits of Shufti’s ID verification services;

  1. Determines the real identity of the customers in less than a second
  2. Generate results with 98.76% accuracy
  3. Screenings the customers against 1700+ global watch lists
  4. Helps to stay put with the regulatory obligations and secures businesses from sanctions

Want to learn more about ID verification services for businesses?

Related Posts

Blog

KYC Verification – The Need for Customer Due Diligence in Co-Working Spaces

The development of coworking platforms has led to a business transformation that brings security ...

KYC Verification – The Need for Customer Due Diligence in Co-Working Spaces Explore More

Blog

Integrated Compliance Management – Mitigating the Regulatory Risks

Businesses operating in the financial sector often face organizational and compliance challenges....

Integrated Compliance Management – Mitigating the Regulatory Risks Explore More

Blog

Inside the EU’s New Crypto-Assets Regulatory Regime – How Shufti Can Help

With transforming technologies, the use of cryptocurrency is skyrocketing, and a large number of ...

Inside the EU’s New Crypto-Assets Regulatory Regime – How Shufti Can Help Explore More

Blog

KYC Isn’t Enough: Get Ready for the Future of Verification

Over the past few years, companies have been looking for more sophisticated identity verification...

KYC Isn’t Enough: Get Ready for the Future of Verification Explore More

Blog

Secure Your Digital Presence | Combat Transaction Fraud and Cyberthreats with IDV

Financial crimes, especially payment and transaction fraud, have seen a massive surge in recent y...

Secure Your Digital Presence | Combat Transaction Fraud and Cyberthreats with IDV Explore More

Blog

Verify on the fly: Touchless airport security clearance using biometrics

Around one hundred and seventeen years ago, the Wright brothers designed, built and flew the firs...

Verify on the fly: Touchless airport security clearance using biometrics Explore More

Blog, Identity & KYC

Why You Need To Know Your Buyer

Online payments are fast replacing cash transactions with the top payment companies harboring 1bi...

Why You Need To Know Your Buyer Explore More

Blog

The Importance of KYC and AML Compliance in the APAC Region

According to recent studies, over the past three years, more than ever, sanctions have been impos...

The Importance of KYC and AML Compliance in the APAC Region Explore More

Blog, Online Marketplace

The Importance of Know Your Customer for Crowd Funding and ID Verification Service

In today’s world where most business and financial transactions are taking place online, the impo...

The Importance of Know Your Customer for Crowd Funding and ID Verification Service Explore More

Blog

Louisiana Age Verification Compliance Updates 2024

 Age verification is crucial for online tasks like purchases and communication. The inte...

Louisiana Age Verification Compliance Updates 2024 Explore More

Blog

Rising Social Media Scams in 2020 Calling for Digital Identity Verification

Social media was a simple place for interaction a few years back. People valued it for its securi...

Rising Social Media Scams in 2020 Calling for Digital Identity Verification Explore More

Blog

Top 6 trends in Anti-Money Laundering for 2020

To enhance the scope of AML compliance, new regulations were brought into force throughout last y...

Top 6 trends in Anti-Money Laundering for 2020 Explore More

Blog

Document Verification Services – The Secret Sauce to Keep Fraudsters Away

Forging someone’s documents is something bad enough but selling them on the dark web is just rubb...

Document Verification Services – The Secret Sauce  to Keep Fraudsters Away Explore More

Blog, Identity & KYC

7 Ways to Protect Your Children from Identity Theft

Living in the digital world, the word “Identity theft” makes us more than a little nervous. Knowi...

7 Ways to Protect Your Children from Identity Theft Explore More

Blog

The Latest KYC Regulation Bill for Bitcoin ATMs and DeFi Platforms

As the digital revolution takes hold worldwide, there has been an unparalleled surge in the adopt...

The Latest KYC Regulation Bill for Bitcoin ATMs and DeFi Platforms Explore More

Blog

Verify on the fly: Touchless airport security clearance using biometrics

Around one hundred and seventeen years ago, the Wright brothers designed, built and flew the firs...

Verify on the fly: Touchless airport security clearance using biometrics Explore More

Biometric Technology, Blog, Online Marketplace

Why a Business would need Biometric Consent Verification?

Biometric consent verification is a unique solution from Shufti that enables businesses and c...

Why a Business would need Biometric Consent Verification? Explore More

Blog

7 Best KYC and Fraud Prevention Tips for Online Businesses

With the explosion of internet and web applications, the online interaction between consumers and...

7 Best KYC and Fraud Prevention Tips for Online Businesses Explore More

Blog

A Comprehensive Guide to Understanding Ultimate Beneficial Owners (UBOs)

Identifying UBOs and their control over a business is crucial for financial firms to meet regulat...

A Comprehensive Guide to Understanding Ultimate Beneficial Owners (UBOs) Explore More

Anti Money Laundering, Blog, Financial Crime / AML

US Treasury opposes European Commission AML Country List

The European Commission has adopted a new list of 23 countries which lack appropriate framework f...

US Treasury opposes European Commission AML Country List Explore More

Blog

Role of Enhanced Due Diligence in Combating Money Laundering

Enhanced Due Diligence (EDD) is an advanced and refined version of KYC due diligence process that...

Role of Enhanced Due Diligence in Combating Money Laundering Explore More

Blog

Identity Verification Forecast: How Will KYC Evolve in 2023?

As the world becomes more digital, scammers are honing their craft and employing trickier techniq...

Identity Verification Forecast: How Will KYC Evolve in 2023? Explore More

Blog

6 Ways Identity Verification Will Unlock Digital Transformation in Airlines

Airlines were particularly negatively impacted by the Covid-19 pandemic, and the situation was fu...

6 Ways Identity Verification Will Unlock Digital Transformation in Airlines Explore More

Blog

Biometrics identity verification system – a masterstroke in verification market

The biometrics identity verification system determines the resemblance of an individual by compar...

Biometrics identity verification system – a masterstroke in verification market Explore More

Blog

How E-Commerce sites can prevent scams over Black Friday and Cyber Monday

For online businesses, customer authentication for internet payments is very crucial. An ever-inc...

How E-Commerce sites can prevent scams over Black Friday and Cyber Monday Explore More

Blog

Post-pandemic eCommerce Landscape Calling for Robust ID Verification Solution

During the coronavirus pandemic, the e-commerce industry has witnessed a significant increase in ...

Post-pandemic eCommerce Landscape Calling for Robust ID Verification Solution Explore More

Blog

UK’s On-Demand Culture – Building Trust & Security with Digital ID Verification

People across the world are spending more time on the internet ever since the pandemic struck the...

UK’s On-Demand Culture – Building Trust & Security with Digital ID Verification Explore More

Blog

How to Design an Effective Client Lifecycle Management (CLM) System with ID Verification

The customer journey with a business is very comprehensive. It does not end once the customer is ...

How to Design an Effective Client Lifecycle Management (CLM) System with ID Verification Explore More

Blog

A Comprehensive Guide to Choosing a Perfect e-KYC Solution for Businesses

Most of our processes, including financial and business dealings, have now shifted to online plat...

A Comprehensive Guide to Choosing a Perfect e-KYC Solution for Businesses Explore More

Blog

Know Your Investor (KYI) – Identifying and Eliminating Russian Sanctions Evaders

For quite some time, wealthy Russian businessmen and oligarchs have been investing their money in...

Know Your Investor (KYI) – Identifying and Eliminating Russian Sanctions Evaders Explore More

Blog

Identity verification for fair and free US elections amid COVID-19

US Elections 2020 is the talk of the town these days. But with COVID-19 pandemic going on how wil...

Identity verification for fair and free US elections amid COVID-19 Explore More

Blog

CBN Regulatory Regime – New KYC/AML Requirements Payment Services Banks

With the increased risk of financial crime, banks and other financial institutions within a state...

CBN Regulatory Regime – New KYC/AML Requirements Payment Services Banks Explore More

Blog, Identity & KYC

Age Verification – Ultimate Online Protection for Minors

The rapid increase in the use of the internet is raising some major concerns for parents regardin...

Age Verification – Ultimate Online Protection for Minors Explore More

Blog

Digital COVID Pass: Automated COVID Report Verification

The worsening situation of the pandemic has forced authorities to impose restrictions on several ...

Digital COVID Pass: Automated COVID Report Verification Explore More

Blog

Why KYC Solutions are becoming a norm in Cryptocurrency?

KYC Solutions provide a great opportunity for crypto exchanges and virtual currency enthusiasts t...

Why KYC Solutions are becoming a norm in Cryptocurrency? Explore More

Blog

Post COVID-19 – What are the alternatives to fingerprint biometrics for identity verification?

The way things are headed, there is no doubt about the fact that the world will be a different pl...

Post COVID-19 – What are the alternatives to fingerprint biometrics for identity verification? Explore More

Blog

Shufti’s ID Fraud Report: Reviewing 2022 and a Preview of 2023

Twenty years back, “identity theft” was imagined as pictures of shady figures rifling through gar...

Shufti’s ID Fraud Report: Reviewing 2022 and a Preview of 2023 Explore More

Blog

KYC in banking: How American banks can fight identity thieves?

In the present globalized, fast-evolving sphere, revolutionizing KYC (Know Your Customer) is cruc...

KYC in banking: How American banks can fight identity thieves? Explore More

Blog

Fighting identity fraud with AI-enabled ID document verification

It’s no secret that identity fraud has become one of the most increasing problems for online busi...

Fighting identity fraud with AI-enabled ID document verification Explore More

Blog

COVID Passports – Bringing Convenience to the Travel & Tourism Sector

“Sorry, the earth is closed today.”  Tony Stark’s sarcastic dialogue became the worst possible re...

COVID Passports – Bringing Convenience to the Travel & Tourism Sector Explore More

Blog

The Evolution of AML Compliance from Checkbox to Risk-based Approach

Financial institutions are exposed to several money laundering threats, as criminals today are we...

The Evolution of AML Compliance from Checkbox to Risk-based Approach Explore More

Blog

A Basic Guide to Know Your Customer Online (2023 Update)

In our current digital landscape, where identity theft seems rampant, protecting personal informa...

A Basic Guide to Know Your Customer Online (2023 Update) Explore More

Blog

Fighting ID Fraud in the Healthcare Industry With Online ID Verification

While the coronavirus outbreak has emerged with a lot of challenges for the healthcare industry, ...

Fighting ID Fraud in the Healthcare Industry With Online ID Verification Explore More

Blog

International ID Day – An Overview of the 2021 Identity Landscape

The International ID Day is not marked on everybody’s calendar but is of significant value for ma...

International ID Day – An Overview of the 2021 Identity Landscape Explore More

Blog

Risks of Vaccine Verification Apps & What IDV Industry can Offer

COVID-19 has brought enough changes to make the world smarter. Businesses and customers migrating...

Risks of Vaccine Verification Apps & What IDV Industry can Offer Explore More

Blog, Financial Crime / AML

Shufti integrates AML Compliance into its end-to-end Verification Services

Shufti has now launched AML compliance in its set of identity verification services to provid...

Shufti integrates AML Compliance into its end-to-end Verification Services Explore More

Blog

The Evolution of AML Compliance from Checkbox to Risk-based Approach

Financial institutions are exposed to several money laundering threats, as criminals today are we...

The Evolution of AML Compliance from Checkbox to Risk-based Approach Explore More

Blog

The Digital Black Market for Identity Data

The collection, purchase, or trade of customer data is big business. Unless organizations and ind...

The Digital Black Market for Identity Data Explore More

Blog

The 10 Biggest DeFi Hacks of 2022 and How Can KYC/AML Compliance Help

The crypto industry witnessed a challenging year in 2022, marked by numerous hacks and scams, hig...

The 10 Biggest DeFi Hacks of 2022 and How Can KYC/AML Compliance Help Explore More

Blog

Which KYC Solution is Right for Your Business?

KYC solutions are vital for assessing consumer risk and a legal necessity for complying with Anti...

Which KYC Solution is Right for Your Business? Explore More

Blog, Fraud Prevention

Account Takeover Frauds – Impact, Causes, and Prevention

Living in the era of technology, the world is rapidly moving towards digitization. From banking i...

Account Takeover Frauds –  Impact, Causes, and Prevention Explore More

Blog

Top 7 Trends Shaping the Future of Gambling Industry in 2023

Amidst technological advancement and the changing regulatory landscape, the gaming sector demonst...

Top 7 Trends Shaping the Future of Gambling Industry in 2023 Explore More

Blog, Identity & KYC

Digital Document Verification Giving Wing to Recruitment Sites

Document Verification: In an industry that’s all about people, it’s critical that you know that a...

Digital Document Verification Giving Wing to Recruitment Sites Explore More

Blog

Digital ID Verification – Why is it Critical for Customer Experience?

Last year was all about lockdown and pandemic disrupting business operations to the very core. Th...

Digital ID Verification – Why is it Critical for Customer Experience? Explore More

Blog

AUSTRAC’s ML/TF Risk Assessment Report on Foreign Bank Branches [Part 3]

This blog makes the third chapter of our four-part series on AUSTRAC’s report on the Banking Sect...

AUSTRAC’s ML/TF Risk Assessment Report on Foreign Bank Branches [Part 3] Explore More

Blog

UAE’s Crypto Landscape – Eliminating Financial Crime to Ensure Regulatory Compliance

The UAE is the Middle East’s rapidly growing cryptocurrency hub that is experiencing a heated-up ...

UAE’s Crypto Landscape – Eliminating Financial Crime to Ensure Regulatory Compliance Explore More

Blog

Business transformations for operational resilience amid COVID-19 crisis

The pandemic continues affecting businesses and consumer operations along with having economical ...

Business transformations for operational resilience amid COVID-19 crisis Explore More

Blog, Identity & KYC

4 Ways KYC Banking Regulations are Shaping the Future

Know Your Customer (KYC) regulations are vital for the banking system. Money laundering, depositi...

4 Ways KYC Banking Regulations are Shaping the Future Explore More

Blog, Identity & KYC

Biometric Identification is On the Rise in Education Sector

An acceptable method of identification i.e. biometric technology is hitting the education industr...

Biometric Identification is On the Rise in Education Sector Explore More

Blog

3 ways to protect your organizations from coronavirus cyber security threat

  Due to the spread of the coronavirus, the world adapts to new ways of working. Cyber criminals ...

3 ways to protect your organizations from coronavirus cyber security threat Explore More

Blog, Reg Tech

3 Reasons why RegTech is the Future of Innovation?

Regulatory Technologies, commonly referred to as RegTech, is an innovative use case of Financial ...

3 Reasons why RegTech is the Future of Innovation? Explore More

Blog

Is Your Company Safe? The Importance of Document Verification to Strengthen KYC Checks

Businesses across the globe are still vulnerable to threats like money laundering, terrorist fina...

Is Your Company Safe? The Importance of Document Verification to Strengthen KYC Checks Explore More

Blog

Cannabis Industry – Risks, Predictions, Fraud & KYC/AML Obligations

The ever-growing industries across the world are opening gates for numerous opportunities to gree...

Cannabis Industry – Risks, Predictions, Fraud & KYC/AML Obligations Explore More

Blog

Rise of Money Laundering in UAE – How Financial Institutions Can Comply with New Regulations

The UAE certainly earned its spot in the top 10 global financial centers with unprecedented growt...

Rise of Money Laundering in UAE – How Financial Institutions Can Comply with New Regulations Explore More

Blog

How identity verification can help prevent Medical Identity Theft?

Digitization is reshaping the future of healthcare. With the healthcare industry, having more res...

How identity verification can help prevent Medical Identity Theft? Explore More

Blog

Post-pandemic eCommerce Landscape Calling for Robust ID Verification Solution

During the coronavirus pandemic, the e-commerce industry has witnessed a significant increase in ...

Post-pandemic eCommerce Landscape Calling for Robust ID Verification Solution Explore More

Blog

Identity Verification – Safeguarding Pharmaceutical and Controlled Substance Sales

With emerging technologies, the pharmaceutical industry has transformed significantly, and rapid ...

Identity Verification – Safeguarding Pharmaceutical and Controlled Substance Sales Explore More

Blog

Digital COVID Pass: Automated COVID Report Verification

The worsening situation of the pandemic has forced authorities to impose restrictions on several ...

Digital COVID Pass: Automated COVID Report Verification Explore More

Blog

KYC and AML For Fintech | A Comprehensive Guide to Fraud Prevention

Since governments worldwide are increasing the pressure to regulate, compliance has become a key ...

KYC and AML For Fintech | A Comprehensive Guide to Fraud Prevention Explore More

Blog

Know Your Patient – Curbing Healthcare Fraud through Identity Verification

With global digitization and emerging technologies, the healthcare sector has adopted a variety o...

Know Your Patient – Curbing Healthcare Fraud through Identity Verification Explore More

Blog

China’s AML Framework and Regulatory Highlights of 2022

China has been fighting against money laundering and terrorism financing for a number of years. A...

China’s AML Framework and Regulatory Highlights of 2022 Explore More

Blog, Online Marketplace

New Rules by the UK Gambling Commission and Their Impact

The UK Gambling Commission announced new gambling rules earlier this year to make gambling safer ...

New Rules by the UK Gambling Commission and Their Impact Explore More

Take the next steps to better security.

Contact us

Get in touch with our experts. We'll help you find the perfect solution for your compliance and security needs.

Contact us

Request demo

Get free access to our platform and try our products today.

Get started