On Feb. 14, 2025, CHI CAC finalized Administrative measures on personal information protection compliance audit, and published answers to reporters at the same time.
The measures clarify the situations in which personal information processors conduct compliance audits, and the obligations of personal information processors and professional institutions.
The Personal information protection compliance audit guidelines are attached in the annex, explaining key points of laws and administrative regulations related to personal information protection and providing details from the perspective of compliance audit.
The measures are effective from May 1, 2025.
On Aug. 3, CHI CAC proposed measures regarding personal data protection.
CHI CAC proposed Administrative measures on personal information protection compliance audit, which aim to guide and regulate compliance audit activities, improve the compliance level of personal information handling, and safeguard individuals' rights.
Measures
Defines personal information protection compliance audit as a supervisory activity that examines and evaluates whether personal information processors comply with laws.
Entities that process personal information of over one million individuals should conduct a personal information protection compliance audit at least once a year.
Other personal information processors should do it at least once every two years.
CHI CAC will establish a recommended directory of professional organizations for personal information protection compliance audits, which will be evaluated annually.
Effectiveness
The consultation is open until Sep. 2, 2023.