Compliance audit
-
Interpretation of the Administrative Measures for Compliance Audit of Personal Information Protection
Law of the People's Republic of China on the Protection of Personal Information (effective November 1, 2021)
Articles 54 and 64: Provide the basic legal framework for personal information protection compliance audits, requiring companies to proactively fulfill their auditing obligations and cooperate with supervision.
Regulations on Network Data Security Management (effective January 1, 2025)
Article 27: To further refine the auditing requirements, network data processors shall periodically conduct compliance audits, either on their own or by commissioning professional organizations, of their handling of personal information in compliance with laws and administrative regulations.
Measures for the Management of Compliance Audits on Personal Information Protection (issued on February 14, 2025, effective May 1, 2025)
The first supporting rules for personal information protection compliance audits were formalized.
-
Personal Information Protection Compliance Audit Management Measures (Draft for Comments)
In order to guide and standardize personal information protection compliance audit activities, in accordance with the "Personal Information Protection Law of the People's Republic of China" and other laws and regulations, the Cyberspace Administration of China has drafted the "Personal Information Protection Compliance Audit Management Measures (Draft for Comments)", which is now submitted to Public opinion solicitation…
