Modeled after the EU’s GDPR, China’s PIPL imposes protections and restrictions on data collection and transfer that companies both inside and outside of China will need to address.