The Office for Personal Data Protection ('GPDP') issued, on 9 December 2021, an Authorisation to streamline notification and registration obligations of Small and Medium-sized companies ('SME') complying with the Personal Information Protection Law of the People's Republic of China ('PIPL'). In particular, the GPDP highlighted that for SMEs complying with the PIPL, the two most likely risks Macau based organisations face in the exercise of cross-border activities or other activities with mainland China, is software support platforms for provision of services to their customers or software located within mainland China, and the use of instant communication software platforms or payment platforms in mainland China.

In addition, the GPDP noted that although SMEs only need to comply with the notification obligation provided under Article 20 of the Personal Data Protection Act (Act 8/2005) ('the Act') and the notification provisions in the PIPL, it has launched a notification and registration optimisation plan. More specifically, the GPDP provided new notification forms and reference templates for the notification and registration of SMEs in compliance with the Act and the PIPL, and a new method for third parties to request registration and notification forms so that they may have proof of certification.

You can read the authorisation, available in Chinese here and Portuguese here.