China launches mandatory audits to bolster personal information protection
BEIJING - China on Thursday enforced new rules that require those handling the personal information of more than 10 million people to conduct regular compliance audits, as part of a broader effort to tighten data privacy and security.
Under the regulations issued by the Cyberspace Administration of China (CAC), such entities must complete audits at least once every two years to examine how they collect, store and use personal information.
The rules also grant regulators the authority to mandate professional audits for entities deemed to pose significant data risks.
The regulations bar an auditor from reviewing the same company more than three consecutive times, a move experts said is aimed at curbing audit manipulation.
A CAC source said the regulations were introduced in response to growing tensions between the widespread collection of personal data and the public's increasing demand for privacy protection.
The new rules represent the implementation of the compliance audit system outlined in China's Personal Information Protection Law.
Data audits are no longer a formality; they've become a genuine "health check" for companies handling data, according to experts from the China University of Political Science and Law.
The new rules, released in February, include a detailed audit guide outlining key areas for company review. These include obtaining user consent, encrypting sensitive data, and managing third-party data transfers.
Authorities have launched a joint crackdown on data abuse in high-use consumer tech sectors, including mobile applications, smart devices, and facial recognition systems.
Experts believe 2025 could mark a turning point for China's data governance. As audits become routine and legal precedents take shape, companies are expected to shift from basic compliance toward leveraging data protection as a competitive edge.
In the evolving internet industry landscape, companies that turn strong privacy safeguards into brand value are likely to outpace those that don't, according to an analyst.
