China’s Management Measures for Compliance Audit of Personal Information Protection, issued by the Cyberspace Administration of China (CAC), took effect on May 1, 2025. They build on the Personal Information Protection Law (PIPL) and introduce mandatory audits—clarifying who must conduct them, how often, and what they must cover. Companies that fail to comply may face penalties under the PIPL, the Network Data Security Management Regulations, and related laws.
Under the new rules, compliance now follows two steps:

Before PI processing: Personal Information Security Impact Assessment (PIA)
After PI processing: Personal Information Protection Compliance Audit (PIPCA)

Enforcement is already increasing. Personal information protection has become part of routine inspections, making it essential for companies to prepare.

What you will learn from this training:

Which companies are required to conduct compliance audits
How often audits must be performed
The difference between PIA and PIPCA
How to conduct PIPCA

This training is open to everyone and free of charge.