Description

Cyberspace Administration released guidelines on Personal Information Protection Compliance Audit

On 12 February 2025, the Cyberspace Administration of China introduced the Personal Information Protection Compliance Audit Guidelines to outline obligations under the Measures for the Administration of Compliance Audits on Personal Information Protection. The guidelines specify that compliance audits must assess the validity of consent, ensure minimal impact on individuals, and define durations for retaining personal information. Furthermore, the guide notes that personal information processors are required to inform individuals about data processing practices and secure consent, particularly when handling sensitive personal data or employing automated decision-making systems. The guidelines also address the implementation of security measures, the completion of impact assessments, and the prevention of unauthorised transfers of personal data.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2025-02-12
adopted

On 12 February 2025, the Cyberspace Administration of China introduced the Personal Information Pro…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.