The Cyberspace Administration of China published draft rules requiring service providers that maintain data on more than 1 million people to perform annual compliance audits, Reuters reports. These reviews, to be conducted by a CAC-appointed agency, must also evaluate services with data of more than 100,000 users or sensitive data of more than 10,000 users. The CAC said services with data of less than 1 million users should undergo a "personal information compliance check" at least biennially.
CAC publishes draft data rules for service providers
Related stories
Notes from the IAPP Canada: Ontario IPC shares enforcement philosophy with law students
Notes from the IAPP Europe: Wrapping up November with the IAPP DPC
Ireland's DPC details legitimate interest prong of its LinkedIn enforcement action
What the new European Commission could mean for digital regulation
IAPP DPC 2024: Reynders discusses GDPR enforcement harmonization, adequacy developments
