A strong whistleblower program can help an organization learn of misconduct and take remedial action and, hopefully, avoid legal consequences and reputational damage. As countries globally expand their whistleblower protections, they are also strengthening their data protection regimes. China’s new Personal Information Protection Law (PIPL) is a prime example. Companies that collect information through whistleblower reports must ensure that they remain in compliance with all applicable data protection laws, which is especially challenging when reports are sent across borders. A recent NAVEX program explored the intersection of whistleblowing and data protection regimes, focusing on the impact of the PIPL and strategies for mitigating the risks of collecting data in China. The program featured Henry Chen, senior counsel at Baker & McKenzie FenXun; Takeshi Yoshida, partner at Baker & McKenzie, and Jan Stappers, whistleblowing specialist at NAVEX. This article distills their insights. See “China’s First Information Protection Law: Compliance Essentials” (Feb. 2, 2022); and “How to Maintain an Anti-Corruption Reporting Hotline That Complies with Data Privacy Laws” (Apr. 3, 2013).