China: Closed consultation on the draft National Standard on Data Security Technology - Personal Information Protection Compliance Audit Requirements

On 11 September 2024, the Secretariat of the National Cybersecurity Standardization Technical Committee of China (TC260) closes the public consultation on the draft National Standard on Data Security Technology - Personal Information Protection Compliance Audit Requirements. The Standard aims to establish data protection standards and outlines principles and implementation requirements for personal information protection compliance audits. The Standard applies primarily to personal information processors but also serves as a reference for relevant institutions conducting audits of personal information processing activities. The Standard contains provisions for the implementation of the audit process, evidence handling, and authority of audit institutions, and it specifies auditor requirements.