Employee Data Privacy

China - Data Protection Officer

 Download as a PDF

What is, and which organizations have to appoint a DPO?

 

A Data Protection Officer (DPO) is a person in charge of verifying the compliance of personal data processing with the applicable law. The DPO communicates information on processing personal data such as its purposes, interconnections, types, categories of data subjects, length of retention and department(s) in charge of implementing processing. DPOs may be required by law or recommended.

 

There is no legal requirement in China for organizations to appoint a DPO. However, the Personal Information Security Specification (个人信息安全规范, GB/T 35273-2017) includes the recommendation to appoint a specific institution and specific personnel to be responsible for the internal management of personal data protection when:

  • the main business involves processing personal information and there are 200 or more employees; or,
  • the business has processed personal data on more than 500,000 individuals or is expecting to process data on more than 500,000 individuals within 12 months.

 

Ultimate Software's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where Ultimate Software's customers have employees. HR Compliance Assist is a service exclusively available to Ultimate Software customers.

Share Your Feedback

Let's Talk