On July 15, the National Technical Committee 260 on Cyber-security Standardization Administration of China (TC260) released the Data Security Technology — Personal Information Protection Compliance Audit Requirements (Draft for Comment) (the "Draft") for public comments, and the cut-off date for submitting comments is September 11, 2024.

The Draft sets out the audit principles and general audit requirements for personal information protection compliance audits, putting forward overall requirements for personal information processors as well as auditors that conduct personal information protection compliance audits. The Draft is designed to implement Article 54 of the Personal Information Protection Law of the People's Republic of China, which states that "personal information processors shall have the compliance of their activities of processing of personal information with laws and administrative regulations audited on a regular basis." In addition, the schedules of the Draft specify reference documents including the personal information protection compliance audit process, audit evidence, audit content and methods, audit working paper templates, and audit report templates.

(Source: National Technical Committee 260 on Cyber-security Standardization Administration of China (TC260))