China: Cyberspace Administration adopted Measures for Administration of Compliance Audits on Personal Information Protection including operating conditions

On 20 May 2024, the Cyberspace Administration of China (CAC) approved the Measures for the Administration of Compliance Audits on Personal Information Protection, which will enter into force on 1 May 2025. The measures specify that personal information processors handling data of over 1 million individuals must appoint a personal information protection officer, while large internet platforms with extensive users and complex operations should establish independent oversight bodies. Regulatory authorities will oversee audits and investigate non-compliance, with violations subject to penalties under applicable laws. State organs and public administration bodies are exempt from these requirements.