On 12 February 2025, the Cyberspace Administration of China introduced the Personal Information Protection Compliance Audit Guidelines to outline obligations under the Measures for the Administration of Compliance Audits on Personal Information Protection. The guidelines specify that compliance audits must assess the validity of consent, ensure minimal impact on individuals, and define durations for retaining personal information. Furthermore, the guide notes that personal information processors are required to inform individuals about data processing practices and secure consent, particularly when handling sensitive personal data or employing automated decision-making systems. The guidelines also address the implementation of security measures, the completion of impact assessments, and the prevention of unauthorised transfers of personal data.
Original source