In the News: Personal Data Compliance Audit; Dentons Leaves China; and China-Saudi ETF-Connect
August 10, 2023 | BY
Susan MokProcessors of personal data face a new annual audit; Dentons leaves China - another case of data decoupling; China and Saudi Arabia in talks about ETF cross-listing
Credit: shock/Adobe Stock
New Personal Data Compliance Audit Requirement
On August 3, the Cyberspace Administration of China (CAC) released the Measures for the Administration of Compliance Audits of the Protection of Personal Information (Draft for Comments) (个人信息保护合规审计管理办法(征求意见稿)).
The draft measures require all processors of personal data to conduct annual audits to ensure compliance with personal data protection laws. Companies that process the personal data of over one million individuals are required to conduct audits every year, while other companies are to conduct the same every two years. The scope of audits will include checking whether any overseas transfers of personal data were conducted with the approval from relevant Chinese authorities, and whether any transfers were made to foreign judicial or enforcement agencies. Companies must also ensure that any overseas recipient of personal data is informed about relevant Chinese regulatory obligations regarding the handling of such data, and should ensure that the overseas recipient has taken measures to fulfill any such obligations.
This premium content is reserved for
China Law & Practice Subscribers.
A Premium Subscription Provides:
- A database of over 3,000 essential documents including key PRC legislation translated into English
- A choice of newsletters to alert you to changes affecting your business including sector specific updates
- Premium access to the mobile optimized site for timely analysis that guides you through China's ever-changing business environment
Already a subscriber? Log In Now