Does HR data processing require registration under data protection laws?
Data protection laws sometimes include conformity assessments, which help to ensure businesses follow regulations. Requirements can include registration before the Data Protection Authority and random audits.
Following the absence of a Data Protection Authority in China, there is no registration requirement regarding the processing of personal data before the Chinese authorities.
There is also no specific definition of a data controller under the current Chinese law. Organizations that collect and use personal information are generally required to:
- comply with the principles of legitimacy, rightfulness and necessity when collecting and using personal information
- specify and comply with their policies regarding the purpose, manner and scope of collecting and using personal information
- obtain consent from any individual whose information is collected
- refrain from collecting or using personal information in breach of any laws or regulations
- ensure that personal information is kept confidential, and not disclosed, sold or provided illegally to others