China Issues Significant New Draft Rules Relating to Personal Information Protection Compliance Audits
August 22, 2023 | BY
Susan MokNew draft measures on personal information protection compliance audits have been released for public comment. Jianwei (Jerry) Fang and Chuchen (Julie) Hou of Zhong Lun Law Firm analyze the legislative basis and specific requirements of the new draft, and provide some practical recommendations for PI processors who are planning for an upcoming compliance audit.
Summary
- The Draft measures are formulated by the CAC to form detailed guidelines for the implementation of Articles 54 and 64 of the PIPL; they categorize compliance audits into regular and mandatory audits.
- PI processors may mandate an internal institution or entrust an external specialized agency to conduct regular audits, while the mandatory audit must be carried out by an external specialized agency.
- PI processors are required to provide cooperation and assistance to ensure that the audit agency has the necessary authority to carry out the audit.
- PI processors should prepare in advance for their upcoming compliance audit, including preparing an internal compliance audit plan, self-examining their internal management system and operating procedures, and ensuring preservation of evidentiary materials.
This premium content is reserved for
China Law & Practice Subscribers.
A Premium Subscription Provides:
- A database of over 3,000 essential documents including key PRC legislation translated into English
- A choice of newsletters to alert you to changes affecting your business including sector specific updates
- Premium access to the mobile optimized site for timely analysis that guides you through China's ever-changing business environment
Already a subscriber? Log In Now
For enterprise-wide or corporate enquiries, please contact our experienced Sales Professionals at +44 (0)203 868 7546 or [email protected]