06 October 2023

China to Require Regular Compliance Audits for Personal Information Protection

Your business will be impacted by a new set of draft measures recently introduced in China. These measures mandate that all companies processing personal information within China must undergo regular compliance audits to ensure adherence to the country’s regulations on personal information protection. These audits will determine whether companies are compliant with the protection requirements outlined in the China Personal Information Protection Law (PIPL) and other relevant measures and regulations.

Under these draft rules, companies have the option to either establish an internal department or engage a third party to conduct these audits. The auditors will assess whether the companies are in compliance with the PIPL and other related regulations, including those concerning cross-border personal information transfers. The auditing organization must ensure adherence to the new draft measures.

The draft measures outline that companies processing personal information of over one million individuals are obligated to undergo an annual compliance audit. Other companies processing personal information need to conduct a compliance audit at least once every two years.

Furthermore, the national and local cybersecurity departments, in collaboration with public security entities and other relevant bodies within China’s cabinet (the State Council), will create a recommended catalog of professional institutions capable of conducting compliance audits for personal information protection. This catalog will be updated annually, and companies are encouraged to select an agency from this list to perform the audits.

In conclusion, the new draft measures in China mandate regular compliance audits for companies processing personal information. These audits are meant to ensure compliance with the country’s Personal Information Protection Law and related regulations. It’s essential for our client to understand these requirements and consider their implications for their business operations in China.

We will keep you updated on the newest regulations or measures regarding to this new set of draft. If you need further information, please do not hesitate to contact our Asia team: Joost Vrancken Peeters and Ye Yu

Call: +31 172 530 250