Theoretical logic and system construction of personal information protection compliance audit
Personal information protection compliance audit is not only a legal obligation for personal information processors; its preventive exemption function also incentivizes processors to reasonably avoid legal risks, to improve their personal information protection capabilities proactively, and to promote synergy between government supervision and enterprise self-discipline in the context of regulatory model transformation. The Personal Information Protection Law provides for a two-tier audit model of "autonomous audit + mandatory audit", and the Administrative Measures for Personal Information Protection Compliance Audit (Draft for Comments) provides an important basis for implementing compliance audits, but gaps remain in terms of system connection, legal effect, and the conduct of the audit itself. Personal information protection compliance audit should consider both personal information protection risks and compliance risks, and should be clearly differentiated from personal information protection impact assessment, algorithmic auditing, and other systems in terms of applicable cases, purpose, and content. To ensure the effectiveness of personal information protection compliance audit, the audit system needs to focus on constructing a framework of audit principles, audit preparation, audit basis, audit method, audit content, audit conclusion, and so on. At the same time, key issues in the actual conduct of audit activities must be considered, such as the implementation of the audit principles, the development of audit checklists, the selection of the audit basis, and the application of audit conclusions.
Keywords: personal information protection compliance audit; risk assessment; autonomous audit; mandatory audit