GRADUM
    Standards Comparison

    PIPL

    Mandatory
    2021

    China's comprehensive law protecting personal information rights

    VS

    EN 1090

    Mandatory
    2009

    EU standard for steel and aluminium structural execution.

    Quick Verdict

    PIPL regulates personal data protection for China-facing operations with strict consent and fines up to 5% revenue. EN 1090 mandates CE marking for EU structural steel/aluminium via FPC certification. Companies adopt PIPL for market access, EN 1090 for legal sales.

    Data Privacy

    PIPL

    Personal Information Protection Law (PIPL)

    Cost
    €€€€
    Complexity
    Medium
    Implementation Time
    6-12 months

    Key Features

    • Extraterritorial scope targeting foreign processors of Chinese data
    • Consent-first model without broad legitimate interests basis
    • Explicit separate consent for sensitive personal information
    • Volume-threshold cross-border transfer security reviews
    • Fines up to 5% annual revenue or RMB 50 million
    Structural Metalwork

    EN 1090

    EN 1090 Execution of steel and aluminium structures

    Cost
    €€€€
    Complexity
    High
    Implementation Time
    6-12 months

    Key Features

    • Factory Production Control (FPC) certification
    • Execution Classes (EXC1-EXC4) risk scaling
    • CE marking and Declaration of Performance
    • Welding coordination via ISO 3834
    • Material traceability and NDT inspection

    Detailed Analysis

    A comprehensive look at the specific requirements, scope, and impact of each standard.

    PIPL Details

    What It Is

    PIPL (Personal Information Protection Law), enacted August 2021 and effective November 2021, is China's comprehensive national regulation governing personal information processing. It applies to domestic and foreign organizations handling data of individuals in China, using a risk-based approach emphasizing individual rights, data minimization, and national security.

    Key Components

    • Eight chapters, 74 articles covering processing rules, cross-border transfers, individual rights.
    • Core principles: lawfulness, necessity, minimization, transparency, accountability.
    • Sensitive personal information (SPI) rules, automated decision-making restrictions.
    • Compliance via impact assessments, audits; no formal certification but CAC oversight.

    Why Organizations Use It

    • Mandatory for China operations to avoid fines up to 5% revenue.
    • Enables market access, builds consumer trust, reduces breach risks.
    • Strategic for multinationals: resilience, competitive edge in $18T digital economy.

    Implementation Overview

    • Phased: gap analysis, data mapping, policies, controls, transfers.
    • Applies universally; high complexity for globals/CIIOs.
    • 6-12 months typical; ongoing audits, training required. (178 words)

    EN 1090 Details

    What It Is

    EN 1090 is a harmonized European standard family (EN 1090-1, -2, -3) under the Construction Products Regulation (CPR). It governs conformity assessment and technical execution of structural steel and aluminium components/kits for construction works. Primary purpose: ensure safe fabrication, assembly, and market placement via CE marking. Key approach: risk-based scaling through Execution Classes (EXC1-EXC4).

    Key Components

    • **EN 1090-1Conformity assessment, Factory Production Control (FPC) certification, Declaration of Performance (DoP).
    • **EN 1090-2/-3Technical rules for steel/aluminium (materials, welding, tolerances, corrosion protection, inspection/NDT).
    • Core principles: traceability, welding coordination (ISO 3834), risk matrix (CC/SC/PC to EXC). Compliance via Notified Body audits/surveillance.

    Why Organizations Use It

    • Mandatory for EU/EEA market access (CE marking required).
    • Reduces liability, rework; enables high-risk projects.
    • Builds trust, competitive edge via certified quality/traceability.

    Implementation Overview

    Phased: gap analysis, FPC build, welding quals, NB certification (3-12 months). Applies to fabricators; involves training, digital traceability, ongoing surveillance.

    Key Differences

    Scope

    PIPL
    Personal data protection, processing, transfers
    EN 1090
    Structural steel/aluminium fabrication, conformity

    Industry

    PIPL
    All sectors handling Chinese personal data
    EN 1090
    Construction, steel/aluminium fabricators EU/EEA

    Nature

    PIPL
    Mandatory national law, extraterritorial
    EN 1090
    Harmonized standard, CE marking under CPR

    Testing

    PIPL
    DPIAs, security reviews, audits
    EN 1090
    FPC certification, ITT/ITC, surveillance audits

    Penalties

    PIPL
    Fines to 5% revenue, business suspension
    EN 1090
    Market exclusion, certificate withdrawal

    Frequently Asked Questions

    Common questions about PIPL and EN 1090

    PIPL FAQ

    EN 1090 FAQ

    You Might also be Interested in These Articles...

    CMMC Sustainment Mastery: Continuous Monitoring, Annual Affirmations, and Subcontractor Flow-Down Playbook

    CMMC Sustainment Mastery: Continuous Monitoring, Annual Affirmations, and Subcontractor Flow-Down Playbook

    Master CMMC sustainment beyond certification: continuous monitoring dashboards, SPRS/eMASS affirmations, enforceable subcontractor clauses. Get templates for ve

    SEC Cybersecurity Rules Materiality Determination Framework: Step-by-Step Guide with Checklists and Real-World Examples

    SEC Cybersecurity Rules Materiality Determination Framework: Step-by-Step Guide with Checklists and Real-World Examples

    Master SEC Form 8-K Item 1.05 materiality determinations with our step-by-step framework, checklists, case law factors, and real-world examples. Avoid enforceme

    Thailand PDPA Implementation Guide: Subordinate Regulations for 72-Hour Breach Reporting and Cross-Border Transfers (2022-2024 Rules)

    Thailand PDPA Implementation Guide: Subordinate Regulations for 72-Hour Breach Reporting and Cross-Border Transfers (2022-2024 Rules)

    Step-by-step Thailand PDPA guide: 72-hour breach notifications, cross-border transfers (2022-2024 rules). Risk checklists, GDPR templates avoid THB 5M fines. Mu

    Run Maturity Assessments with GRADUM

    Transform your compliance journey with our AI-powered assessment platform

    Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

    100+ Standards & Regulations
    AI-Powered Insights
    Collaborative Assessments
    Actionable Recommendations

    Check out these other Gradum.io Standards Comparison Pages

    ISO 37001 vs ISO 27032

    ISO 37001 vs ISO 27032: Anti-bribery ABMS meets cybersecurity guidelines for Internet security. Mitigate risks, ensure compliance, build resilience. Discover key differences & choose wisely!

    UAE PDPL vs U.S. SEC Cybersecurity Rules

    Compare UAE PDPL vs U.S. SEC Cybersecurity Rules: Breach timelines, governance, risk mgmt differences revealed. Master global compliance strategies today!

    WEEE vs TISAX

    Discover WEEE vs TISAX: EU e-waste directive meets automotive security standard. Compare scopes, compliance, fines & strategies for electronics firms. Master both—read now!