China’s Management Measures for Compliance Audit of Personal Information Protection, issued by the Cyberspace Administration of China (CAC), took effect on May 1, 2025. They build on the Personal Information Protection Law (PIPL) and introduce mandatory audits—clarifying who must conduct them, how often, and what they must cover. Companies that fail to comply may face penalties under the PIPL, the Network Data Security Management Regulations, and related laws.
Under the new rules, compliance now follows two steps:
- Before PI processing: Personal Information Security Impact Assessment (PIA)
- After PI processing: Personal Information Protection Compliance Audit (PIPCA)
Enforcement is already increasing. Personal information protection has become part of routine inspections, making it essential for companies to prepare.
What you will learn from this training:
- Which companies are required to conduct compliance audits
- How often audits must be performed
- The difference between PIA and PIPCA
- How to conduct PIPCA
This training is open to everyone and free of charge.
For questions, please contact Freda CHEN at freda.chen@dezshira.com. We look forward to welcoming you and helping you navigate these new requirements with confidence.
Online Training | Thursday, September 18, 2025 | 3:30 PM China / 9:30 AM CEST / 8:30 AM UK
