Secretariat of the National Technical Committee 260 on Cybersecurity of Standardization Administration of China, Guidelines for Cybersecurity Standards Practices—Requirements for Compliance Audits of Personal Information Protection (Draft for Comments)
全国网络安全标准化技术委员会秘书处网络安全标准实践指南——个人信息保护合规审计要求 (征求意见稿)
Standards are released specifying compliance audits of personal information protection / Issued: 2025-04-24
Share:
Issued: April 24, 2025
Main contents: Separate consent before disclosure of personal information
(a) Substance of audit: whether the personal information handler secured the separate consent of individuals before disclosing the personal information processed thereby, whether such authorization is genuine and valid and whether the personal information was disclosed in a manner contrary to the individual’s volition.
(b) Audit evidence referenced: an account of the processed personal information disclosed, the mechanism for