Guidelines for Compliance Audits of Personal Information Protection
个人信息保护合规审计指引
A compliance audit is required when processing personal information of more than 10 million persons / CLP Reference: 5600/25.02.12 ; Promulgated: 2025-02-12 ; Effective: 2025-05-01
Share:
(Promulgated by the Cyberspace Administration of China on February 12, 2025 and effective as of May 1, 2025.)
(国家互联网信息办公室于二零二五年二月十二日公布,自二零二五年五月一日起施行。)
Order of the CAC No.18
国家网信办令 第18号
I. These Guidelines have been formulated in accordance with laws and administrative regulations such as the PRC Law on the Protection of Personal Information and the Regulations for the Administration of Network Data Security.
一、本指引根据《中华人民共和国个人信息保护法》、《网络数据安全管理条例》等法律、行政法规制定。
II. Where a compliance audit is conducted
二、对个人信息处理活动的合法性基础进行合规审计的,应当重点审查下列事项: