EN 中文EnglishItalianoFrançais

PRC PIPL Application to Human Resources Management

Time:2021-11-10 18:30:28Browse:


The Personal Information Protection Law (hereinafter also referred to as “PIPL”) came into effect on 1st November 2021. According to the PIPL, any entity that handles personal information of natural persons shall comply with this law. Violations of the PIPL may entail fines, corrective orders and compensation to loss-suffered individuals, administrative or even criminal liabilities.


All companies handle personal information to different degrees, starting from those of their own employees. This article will focus on the impact of PIPL on HR perspective in order to provide some insight of this law in this special field.

 

1. Scope of Personal Information

Personal Information refers to information recorded by electronic or other means (eg. hard copy), related to identified or identifiable natural persons, unless anonymized (Art. 4). Among the data, PIPL also stipulate a category of sensitive personal information, such as information on biometric characteristics (eg. finger prints), religious beliefs, specially designated status, medical health financial accounts, individual location tracking, etc (Art. 28).

 

2. Collection & Storage

In general, PIPL provides seven legal basis for personal information handling (Art. 13) including individual consent, for fulfilment of contractual or statutory obligations, for the purpose of human resources management, public health, news reporting and other voluntarily or lawfully disclosed personal information.

 

Specifically, in labour relationship, legal basis for handling of personal information could be covered by consent, fulfilment of contractual or statutory obligations or for the purpose of human resources management. Therefore, employer shall communicate with their legal consultant to find the best legal basis for the workers’ data handling. It’s worth noting that in case  the employer uses legal basis other than consent from the employees’ data handling, this process shall be strictly and necessarily related such legal basis: in other words, using employees’ personal information for marketing and/or statistic purpose, for example, is not covered under legal basis of HR management.   

 

3. Transfer & Provision to Third Parties

If companies need to transfer employee’s personal information to third parties for further processing due to HR purpose, companies shall:

 

-conclude entrustment agreement which sets out the purpose for entrusted handling, the time limit, the handling method, categories of personal information, protection measures, etc;

 

-conduct personal information protection impact assessment in advance and continuously monitor the handling activities;

-disclosure to individuals of the name, contact method ofthe recipient, handling purpose, handling methods and obtain consent;

 

-obtain separate consent by the employee in case of any change of handling purpose, method, and scope of personal information.

 

4. Internal Personal Information Management System

Companies shall establish and maintain an internal personal information management system, which includes:

 

- Internal management structures;

- Categorized management of personal information;

- Regular internal training;

- Personal information security incident response plan;

 

5. Deletion of Personal Information

Article 47 of PIPL stipulates that under the following five circumstances, the personal information handler shall delete personal information under the following:

 

- Handling purpose has been achieved, is impossible to achieve, or the personal information is no longer necessary to achieve the handling purpose;

- Retention period has expired;

- Individuals withdraw the consent;

- Handlers handle personalinformation in violation of laws, administrative regulations, or agreement;

- Entrustment agreement expires or terminated.

 

In labour relationship, considering that the employer might need employees’ personal information for potential lawsuits of labor dispute, and the statutory limitation for labor dispute is 1 year upon termination of labor relationship, It would be reasonable for employers to retain employee’s personal information for at least 1 year after termination or expiration of labour contract. Specific agreements to this end shall be reached between employer and employees accordingly.

 

6. Legal Liabilities for Violation of PIPL

In connection to the severity of violation, the PIPL stipulates diversified publishment measures, including warning order, corrective order, confiscation of illegal income, revocation of business license, fines up to RMB 50,000,000 or 5% of the company’s turnover in the preceding year, and other measures (Art. 66). In addition, anyviolation of the PIPL will be recorded on the company credit system and such record will be publicly accessible.


Noticeably, the directly responsible person in charge and other directly responsible personnel are to befined between RMB 10,000 and RMB 100,000 (Art 66). Administrative penalties and criminal liabilities will be imposed in case the unlawful acts constitute aviolation of public security management or criminal law.

For the employer unlawfully handling employees’ personal information, warning order, corrective order, direct fine might be imposed on the company or directly personnel in charge may be the most possible liabilities.

 

With the formal implementation of the PIPL, the standards of personal information protection for employers and corporate compliance are exponentially increased. While facing a new legal regulation and market environment, enterprises need to reshape the internal compliance system and management system, self-check and self-correct their compliance level according to the requirements of laws, and take early counter measures inlight of the risks of their own data processing activities.

 

We at Wang Jing & GH Law Firm have a long and solid experience in advising our local and foreign clients about data protection and security law in China, in EU (GDPR) and in the USA, placing us as leaders in this field. In case of any question or specific field requirements, please don’t hesitate to contact us.


Follow:

  • Disclaimer
  • Privacy Policy
  • Site Map

Copyright 2020 Wang Jing & GH Law Firm. All Rights Reserved. 粤ICP备13002423号-2 Designed by Wanhu