Chinese data regulators are intensifying their focus on the data protection compliance audit obligations under the Personal Information Protection Law (“PIPL“), with the release of the Administrative Measures for Personal Information Protection Compliance Audits (“Measures“), effective 1 May 2025.
The Measures outline the requirements and procedures for both self-initiated and regulator-requested
Continue Reading CHINA: Mandatory Data Protection Compliance Audits from 1 May 2025
The Personal Information Protection Law (“PIPL“) requires a data controller to conduct compliance audits of its personal data processing activities on a regular basis (“Self-supervision Audits“). Apart from such Self-supervision Audits, in case the data regulator finds significant risks involved in a data controller’s processing or where data incidents occur, the
Continue Reading CHINA: Mandatory data protection compliance (self) audits on their way
While the definition of sensitive personal information in China has always been different to other jurisdictions, with a focus on risk of harm at its heart, new draft guidance should make it easier for organisations to map their processing of China sensitive personal information, which is increasingly important in light of new cross-border data transfer
Continue Reading China: Important new guidance on defining sensitive personal information
