Data protective jurisdictions tend to guarantee the right of individuals to contact an organization directly and find out whether personal data is being tracked. Access procedures and acceptable exceptions (such as business secrecy) are determined by law and may be subject to the control of data protection authorities. In the context of HR, personal data access requests can include information tracked by the company as well as data tracked by third-party solutions, such as background check vendors.
The Cybersecurity Law generally prescribes data protection and data security obligations by network operators. Under this law, data subjects have the right to have their data corrected, as well as the right to request deletion in the event of a data breach.
The Ministry of Industry and Information Technology (MIIT) Regulation does require that, after users have terminated the use of telecommunications or internet information services, telecom business operators and internet information service providers stop the collection and use of the users' personal information, and provide the users with services for deregistering relevant phone numbers or account numbers.
As a best practice, some international employers operating in China follow The Personal Information Security Specification, (个人信息安全规范, GB/T 35273-2020) when collecting employee data. Employers may take the following actions upon a data subject’s request: