中圖分類號：D922 16;F239.6文獻標識碼：ADOI:10.19358/j.issn.2097-1788.2024.01.009
引用格式：王沖.個人信息保護合規審計的理論邏輯與制度構建［J］.網絡安全與數據治理，2024，43（1）：65-72，

Theoretical logic and system construction of personal information protection compliance audit

Abstract： Personal information protection compliance audit is not only a legal obligation for personal information processors, but also its preventive exemption function helps to incentivize personal information processors to reasonably avoid legal risks, improve personal information protection capabilities proactively, and promote the synergy between government supervision and enterprise selfdiscipline in the context of regulatory model transformation. The Personal Information Protection Law provides for a twotier audit model of "autonomous audit+mandatory audit", and the Administrative Measures for Personal Information Protection Compliance Audit (Draft for Comments) provides an important basis for the implementation of compliance audit, but there are still gaps in terms of system connection, legal effect, and the conduct of audit.

Key words : personal information protection compliance audit; risk assessment; autonomous audit; mandatory audit