DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

๐Ÿ‡จ๐Ÿ‡ณ China

PIPL

Personal Information Protection Law

In short
China's PIPL is a strict consent-based law. Processing personal information generally requires informed, voluntary and explicit consent, with separate consent for sensitive data, cross-border transfers and certain disclosures.
Region

China

Status

In force since 2021

Group

Asia & Africa

Who must comply

Organizations that process personal information of individuals in China, including those abroad that handle data to provide products or services to people in China or to analyze their behavior.

Penalties

Fines up to RMB 50 million or 5% of the prior year's turnover for serious violations, plus possible suspension of business and personal liability.

Key obligations

  • Obtain separate consent for sensitive data and cross-border transfers
  • Provide clear notice of purpose, method and scope
  • Honor access, copy, correction, deletion and portability rights
  • Carry out personal information protection impact assessments
  • Meet localization and transfer requirements for large processors

How ConsentX helps

Explicit opt-in consent capture

Separate consent flows for sensitive data and transfers

Geo-aware banner for visitors in China

Consent receipts and rights workflow

Region rule engine tuned for China

Get PIPL ready with ConsentX

Get started free Book a demo

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with PIPL using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under PIPL.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that PIPL requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a PIPL audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does China's PIPL require separate consent for transfers?+

Yes. PIPL requires separate consent for sensitive data, cross-border transfers and certain disclosures, beyond general consent.

Who enforces the PIPL?+

The Cyberspace Administration of China, the CAC, leads enforcement alongside other regulators.

Countries under PIPL

๐Ÿ‡จ๐Ÿ‡ณ ไธญๅ›ฝ

Other regulations

๐Ÿ‡ช๐Ÿ‡บ GDPR๐Ÿ‡ฌ๐Ÿ‡ง UK GDPR๐Ÿ‡บ๐Ÿ‡ธ CCPA / CPRA๐Ÿ‡บ๐Ÿ‡ธ VCDPA๐Ÿ‡บ๐Ÿ‡ธ Colorado CPA๐Ÿ‡บ๐Ÿ‡ธ CTDPA๐Ÿ‡บ๐Ÿ‡ธ UCPA๐Ÿ‡บ๐Ÿ‡ธ TDPSA๐Ÿ‡บ๐Ÿ‡ธ Oregon OCPA๐Ÿ‡บ๐Ÿ‡ธ Montana MCDPA๐Ÿ‡บ๐Ÿ‡ธ Florida FDBR๐Ÿ‡ง๐Ÿ‡ท LGPD๐Ÿ‡จ๐Ÿ‡ฆ PIPEDA๐Ÿ‡ฎ๐Ÿ‡ณ DPDPA๐ŸŒ PDPA๐Ÿ‡ฟ๐Ÿ‡ฆ POPIA๐Ÿ‡จ๐Ÿ‡ญ FADP๐Ÿ‡จ๐Ÿ‡ฆ Law 25๐Ÿ‡ฒ๐Ÿ‡ฝ LFPDPPP๐Ÿ‡ฆ๐Ÿ‡ท PDPL๐Ÿ‡จ๐Ÿ‡ฑ Law 21.719๐Ÿ‡จ๐Ÿ‡ด Law 1581๐Ÿ‡ต๐Ÿ‡ช Law 29733๐Ÿ‡บ๐Ÿ‡พ Law 18.331