On February 14, 2025, the Cyberspace Administration of China (CAC) published the Administrative Measures for Compliance Audits on the Protection of Personal Data, which will come into effect on May 1, 2025. The new regulations apply to all companies in China that process personal data and define clear requirements regarding the frequency of self-assessments as… Continue reading New Regulations for Data Audits
Tag: risk assessment
New measures for Data Security Management
China continues to regulate data security. The Data Security Management Measures in the Field of Industry and Information Technology, which took effect on January 1, 2023, further specify the management of the entire life cycle of data. Companies should primarily pay attention to the following four requirements: Data localization: It is not explicitly required that… Continue reading New measures for Data Security Management
Certification for Systems of Data Security Management
The Chinese Government has been encouraging companies to have mobile app certifications for some time. Search engines and app stores are encouraged to prioritize applications from companies that have certifications. Now, enterprise data security management certification is also to be developed. In early June 2022, the General Administration of Market Supervision and the Office of… Continue reading Certification for Systems of Data Security Management
Who Is Operator of Critical Information Infrastructure?
Critical Information Infrastructure Operators (CIIOs) are a central and so far vague concept of China’s new cybersecurity and data protection system. With the regulations on critical information infrastructure protection (“the regulations”) that came into force on September 1, 2020, the government is now creating more transparency, but at the same time increasing the pressure on… Continue reading Who Is Operator of Critical Information Infrastructure?
China Intellectual Property Blog 