Here is the honest situation. China's PIPL is one of the strictest privacy laws in the world, with extraterritorial reach and penalties up to fifty million RMB or five percent of turnover. It has no general legitimate-interest basis, demands separate consent for sensitive data, third-party sharing, public disclosure and cross-border transfer, requires impact assessments, and controls cross-border transfer through a CAC security assessment, certification or the Standard Contract. Working out which obligations apply and evidencing each is weeks of legal interpretation, and a missing separate consent or an unapproved transfer is exactly where organizations fall short.
This Kit removes that interpretation. It is every PIPL obligation written as an adopt-ready control you personalize in a weekend, with the records that prove compliance.
What you get, the moment you buy
Grounded in the China Personal Information Protection Law, with the legal bases, the separate-consent requirements, sensitive PI and impact assessments, and the cross-border transfer mechanisms called out. Editable Word and Excel files.
What one control looks like
This is the separate-consent requirement, the PIPL rule that catches most organizations. All 35 are built to this depth.
Why this is not another template pack
- The evidence is the point. A PIPL duty you cannot evidence is exposure at scale. This tells you the records that prove compliance and where organizations fall short, for every obligation.
- Separate consent and transfer built in. The many separate-consent moments and the CAC assessment, certification and Standard Contract transfer mechanisms are written into the controls, the places organizations get caught.
- Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
- It compounds. PIPL shares structure with GDPR-style laws while adding its own rules, so this work feeds a broader multi-jurisdiction privacy program.
Who buys this
Any organization processing personal information of individuals in China, including from outside China, and the privacy and legal leads who own it. Whether it is a first assessment or a market entry, you save weeks and walk in with the consent, transfer and records handled.
Common questions
Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.
Is this legal advice? No. It is an implementation toolkit grounded in the PIPL. For a specific matter consult PRC counsel; this gets your controls and records in order fast.
Does it cover separate consent? Yes. The distinct separate-consent requirements for sensitive PI, third-party sharing, public disclosure and cross-border transfer are their own control group.
Does it cover cross-border transfer? Yes, including the CAC security assessment, PI protection certification and the Standard Contract mechanisms.
What if it is not for me? A 30-day money-back guarantee.
Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com