2023.08.09 YIN, Feng
Key Takeaways
If the Administration Measures for Personal Information Compliance Audit is adopted as currently drafted, it will apply to all companies processing personal information.
The frequency of self-audits will vary based on the amount of personal information processed. Companies processing the personal information of more than one million individuals must conduct a personal information compliance audit (“Compliance Audit”) at least once a year, while others must conduct an audit at least every two years.
Under the self-audit scenario, companies may conduct audits on their own or entrust a recognized professional institution approved by cyberspace administration departments. However, the same institution cannot conduct more than three consecutive Compliance Audits for the same company.
In cases of high-risk personal information processing activities or personal information security incidents, the department responsible for personal information protection may require the company to entrust a professional institution for the Compliance Audit.
The Compliance Audit focuses on the requirements outlined in the Personal Information Protection Law (“PIPL”) and the relevant national standards, covering areas such as personal information processing rules, cross-border data transfers, rights of personal information subjects, obligations of personal information processors, and special responsibilities for large Internet platforms.
Full Text of the Article
On August 3, 2023, the Cyberspace Administration of China released the Administrative Measures for Personal Information Compliance Audit (Draft for Comments) (“Audit Measures”) for public consultation until September 2, 2023. This article analyzes the circumstances in which the Compliance Audit is applicable, the key points to be reviewed in the Compliance Audit, and the legal responsibilities outlined in the Audit Measures. It also provides recommendations for companies acting as personal information processors on how to conduct Compliance Audits in accordance with the laws.
A. Applicable Circumstances for the Compliance Audit
The Audit Measures have clarified and expanded the requirements for Compliance Audits stated in Articles 54 and 64 of the PIPL. They categorize the triggering circumstances for Compliance Audits into two types: “regular self-audits” and “ad hoc audits required by the regulator”. The latter are required by the supervisory authorities when high risks are identified in personal information processing activities or when a personal information security incident occurs.
(a) Regular Self-Audits
According to Article 54 of the PIPL, personal information processors are obligated to conduct Compliance Audits on a regular basis. The Audit Measures further specify that personal information processors processing the personal information of more than one million individuals must conduct a Compliance Audit at least once a year. For other personal information processors, a Compliance Audit is required at least once every two years (Article 4).
(b) Ad hoc Audits Required by the Regulator
Article 64 of the PIPL states that, if a department responsible for personal information protection identifies high risks in personal information processing activities, or if a personal information security incident occurs during their duties, they may require the personal information processor to engage a professional institution to conduct a Compliance Audit of their personal information processing activities.
The Audit Measures also outline requirements for the recommendation and selection of audit institutions. The national cyberspace administration departments, in collaboration with public security and other departments, are responsible for establishing a recommended directory of professional institutions for Compliance Audits. Additionally, professional institutions conducting Compliance Audits should maintain independence and objectivity and not conduct more than three consecutive Compliance Audits for the same company.
B. Specific Requirements on Ad hoc Audits Required by the Regulator
The Audit Measures outline the obligations of personal information processors under these circumstances:
Selection of the institution (Articles 7 and 13 of the Audit Measures): Personal information processors are advised to consult the recommended directory of professional institutions for Compliance Audits. They should then engage a third-party professional institution to conduct the audit.
Assisting and cooperating (Article 8 of the Audit Measures): Personal information processors must assist and cooperate with professional institutions during Compliance Audits. This includes providing or facilitating access to relevant documents and information and allowing access to locations associated with personal information processing, examining and testing business activities, information systems, and related equipment and facilities. They should provide or facilitate access to retrieve and access data or information relevant to personal information processing, conduct interviews with individuals involved in personal information processing and cooperate with investigations, inquiries, and evidence-gathering activities carried out by professional institutions.
Timely completion (Article 9 of the Audit Measures): Generally, ad hoc audits required by the regulator should be completed within 90 working days. Reasonable extensions may be granted for complex cases.
Rectification actions (Articles 10 and 11 of the Audit Measures): Personal information processors should implement recommended rectifications as proposed and reviewed by professional institutions.
Reporting the outcome (Articles 10 and 11 of the Audit Measures): The Compliance Audit report issued by professional institutions and the status of rectification should be reported to the department responsible for personal information protection.
C. Key Review Points of the Compliance Audit
The Audit Measures outline the specific matters to be examined during the Compliance Audit, either by the personal information processor or the professional institution entrusted by the processor. These examination points are detailed in the Appendix Reference Points for Compliance Audit of Personal Information Protection (“Reference Points”), aligning with the provisions of each chapter of the PIPL. The Reference Points incorporate requirements from administrative regulations and national standards, such as the Information Security Technology - Personal Information Security Specification. They comprehensively cover the entire process of personal information processing and can be categorized into the following five modules:
Personal information processing rules (Articles 2 to 13 of the Reference Points): In accordance with Chapter 2 of the PIPL, the Reference Points provide key points for the Compliance Audit, such as the legal basis of personal information processing, processing rules, notifications, joint processing, entrusted processing, processing during merger/division/dissolution/bankruptcy, personal information provision, automated decision-making, disclosure, collection from public places, processing personal information that has already been disclosed, sensitive personal information processing, and processing the personal information of minors, etc.
Cross-border provision of personal information (Articles 15 and 16 of the Reference Points): In accordance with Chapter 3 of the PIPL, the Reference Points provide key points for the Compliance Audit, such as the compliance routes for cross-border transfers of personal information, cross-border transfers based on judicial enforcement or treaty agreements, and measures taken to ensure that overseas recipients’ processing meets PIPL requirements, etc.
Protection of rights of personal information subjects (Articles 17 to 19 of the Reference Points): In accordance with Chapter 4 of the PIPL, the Reference Points provide key points for the Compliance Audit, such as the acceptance of requests regarding the rights of personal information subjects, and the protection of rights to access, copy, transfer, correct, supplement, delete, and request an explanation of the rules of personal information processing, etc.
Obligations of personal information processors (Articles 20 to 27 of the Reference Points): In accordance with Chapter 5 of the PIPL, the Reference Points provide key points for the Compliance Audit, such as the responsibilities of personal information processors, management measures, technical measures, personnel training, person in charge of personal information protection, personal information protection impact assessment, and personal information security incident response, etc.
Special responsibilities for large Internet platforms (Articles 28 to 31 of the Reference Points): In accordance with Article 58 of the PIPL, the Reference Points provide key points for Compliance Audits, such as the independent organizations overseeing personal information protection, internet platform rules, supervision of product or service providers within the platform, and social responsibility reporting on personal information protection.
Article 1 of the Reference Points clarifies that their purpose is to provide guidance for conducting Compliance Audits. Therefore, it is understood that companies and professional institutions may make adjustments and additions to the Reference Points based on their specific circumstances.
D. Legal Liabilities for Violating the Audit Measures
Article 15 of the Audit Measures serves as a transitional provision, stating that penalties for non-compliance by personal information processors are subject to the relevant provisions of the PIPL. According to Chapter 7 of the PIPL, a personal information processor that fails to fulfill its obligations related to Compliance Audits may face the following penalties imposed by the department responsible for personal information protection: ordering corrections, issuing warnings, confiscating the illegal gains, and ordering the suspension or termination of those who process personal information in violation of the law. If a personal information processor refuses to rectify their non-compliance, they may be fined up to 1 million RMB. In cases of serious violation, departments responsible for personal information protection at or above the provincial level may impose fines of up to 50 million RMB or 5% of the previous year’s turnover and may order the suspension of the relevant business operations and revoke the relevant business permit or license through notification to the relevant competent authority.
Furthermore, individuals directly responsible and other directly liable persons may face fines ranging from 10,000 RMB to 100,000 RMB if they refuse to rectify non-compliance. In serious violations, they may be fined from 100,000 RMB to 1 million RMB. Additionally, they may be prohibited from holding positions such as director, supervisor, senior manager, or person in charge of personal information protection within related companies for a specified period of time.
E. Our Advice
The release of the Draft for Comments version of the Audit Measures reflects the ongoing trend of strengthening legislation and supervision surrounding personal information protection in China. It highlights the importance of conducting Compliance Audits for personal information processors and provides specific requirements and methods for conducting such audits. Additionally, we understand that the reports and record files generated by companies upon completion of Compliance Audits may serve as evidence of compliance. This can be beneficial in demonstrating adherence to the legal requirements, regulations, and standards related to personal information protection and data security during government investigations, law enforcement actions, and Compliance Audits conducted by government agencies, relevant organizations, or business partners.
Although the official version of the Audit Measures may take some time to be released, it is advisable that companies promptly establish an internal mechanism for conducting Compliance Audits. This should be done in accordance with the requirements outlined in the Draft for Comments version of the Audit Measures and should be tailored to the specific characteristics of their own business and management. By doing so, companies can proactively prepare for Compliance Audits to be conducted once the Audit Measures are formally implemented. This preparation should include considerations for management, staffing, technical support, and external cooperation, among other relevant factors.