A practical one-day programme for Malaysian businesses that handle the personal information of individuals in China - whether through exports, e-commerce sales, tourism and hospitality, manufacturing partnerships, or as part of a group with China operations. This training explains what China's Personal Information Protection Law (PIPL 2021) requires, its far-reaching cross-border transfer rules, how it differs from Malaysia's PDPA, and what your organisation must do to manage the risk.
Note: PIPL is a Chinese law enforced by Chinese authorities, including the Cyberspace Administration of China (CAC). There is no Malaysian government-issued certification for it. This programme is an awareness and compliance training - participants receive a Certificate of Completion from OrbixTech upon full attendance.
HRD Corp SBL-Khas Claimable
PIPL Overview & Extra-Territorial Reach
What China's Personal Information Protection Law is, how it fits alongside the Cybersecurity Law and Data Security Law, and critically - how its extra-territorial scope means it applies to Malaysian businesses that process the personal information of individuals in China to provide them products or services, or to analyse their behaviour.
Legal Bases, Consent & Separate Consent
The lawful bases for processing under PIPL and why consent plays a central role. The distinctive concept of "separate consent" required for sensitive personal information, cross-border transfers, disclosure to third parties, and public disclosure - and how it differs from the general consent used elsewhere.
Sensitive Personal Information & Individual Rights
How PIPL defines and protects sensitive personal information, the stricter conditions for processing it, and the rights granted to individuals - access, copy, correction, deletion, portability, and the right to withdraw consent - along with the timeframes for responding to requests.
Cross-Border Data Transfer Mechanisms
PIPL's demanding rules on transferring personal information out of China - the three main routes: a CAC security assessment, signing the CAC Standard Contract, or obtaining personal information protection certification. Thresholds, when each applies, and the personal information protection impact assessment (PIPIA) requirement.
Data Localisation & Local Representative
When data localisation applies (for example, critical information infrastructure operators and large-scale processors), and PIPL's requirement for overseas handlers to establish a dedicated entity or appoint a representative in China and report their details to the authorities.
Person in Charge, Security & Breach Handling
PIPL's requirement to appoint a person in charge of personal information protection, the security measures and compliance audits expected, and obligations to remediate and notify authorities and affected individuals when a personal information breach occurs.
PIPL vs PDPA: A Malaysian Business Perspective
Side-by-side comparison of PIPL and Malaysia's PDPA 2010 (2024 amendment) - consent and separate consent, cross-border transfer controls, sensitive data handling, penalties (up to RMB 50 million or 5% of the prior year's annual revenue under PIPL), and how to build a workable dual-compliance approach.
PIPL Cross-Border Readiness Workshop - participants map their own organisation's data flows to and from China, identify which cross-border transfer mechanism applies, and pinpoint where separate consent, a PIPIA, or a local representative may be required. Guided group discussion with a practical PIPL action list to take back to the business.
Fee RM 1,750 per participant
Duration 1 Day (9:00 AM – 5:00 PM)
Venue Online or in-house at client's office
Level Intermediate (basic data protection awareness recommended)
HRD Corp Claimable Yes
Certificate Certificate of Completion awarded upon full attendance
Enquire about in-house delivery, group rates, or to confirm HRD Corp SBL-Khas claim details - WhatsApp us or contact us here.