Path:
Home >
GB/T >
Page206 > GB/T 45574-2025
Price & Delivery
US$379.00 · In stock · Download in 9 secondsGB/T 45574-2025: Data security technology - Security requirements for processing of sensitive personal information
Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See
step-by-step procedureStatus: Valid
| Std ID | Version | USD | Buy | Deliver [PDF] in | Title (Description) |
| GB/T 45574-2025 | English | 379 |
Add to Cart
|
4 days [Need to translate]
|
Data security technology - Security requirements for processing of sensitive personal information
|
Click to Preview a similar PDF
Basic data
| Standard ID | GB/T 45574-2025 (GB/T45574-2025) |
| Description (Translated English) | Data security technology - Security requirements for processing of sensitive personal information |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.030 |
| Word Count Estimation | 18,144 |
| Date of Issue | 2025-04-25 |
| Date of Implementation | 2025-11-01 |
| Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
GB/T 45574-2025: Data security technology - Security requirements for processing of sensitive personal information
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 35.030
CCSL80
National Standard of the People's Republic of China
Data security technology
Security requirements for processing sensitive personal information
2025-11-01 Implementation
State Administration for Market Regulation
The National Standardization Administration issued
Table of contents
Preface III
1 Scope 1
2 Normative references 1
3 Terms and Definitions 1
4 Identification and Definition of Sensitive Personal Information 2
4.1 Identification of Sensitive Personal Information 2
4.2 Definition of Sensitive Personal Information 2
5 General security requirements for processing sensitive personal information 3
5.1 Basic Requirements 3
5.2 Legality of Collection 3
5.3 Collection Requirements 3
5.4 Informed consent 3
5.5 Security protection requirements 4
6 Special security requirements for processing sensitive personal information 6
6.1 Biometric Information 6
6.2 Religious Belief Information 6
6.3 Specific identity information 6
6.4 Medical and health information 6
6.5 Financial Account Information 6
6.6 Tracking information 7
6.7 Personal information of minors under the age of 14 7
6.8 Other sensitive personal information 8
Appendix A (Normative) Sensitive Personal Information Categories 9
Appendix B (Informative) Template for obtaining written consent for processing sensitive personal information10
Reference 11
Foreword
This document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1.Structure and drafting rules for standardization documents"
Drafting.
Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.
This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).
This document was drafted by. China Electronics Standardization Institute, Information Engineering Institute of the Chinese Academy of Sciences, National Institute of Information Technology Security
Research Center, Ant Technology Group Co., Ltd., Beijing Douyin Information Service Co., Ltd., Beijing Kuaishou Technology Co., Ltd., and the Ministry of Public Security’s Third
Research Institute, First Research Institute of the Ministry of Public Security, National Computer Network Emergency Response Technical Processing Coordination Center, China Cyberspace Research Institute, China Software Evaluation Center
Testing Center, Beijing Baidu Netcom Technology Co., Ltd., Peking University Cancer Hospital, China CITIC Bank Corporation, Beike Zhaofang (Beijing) Technology
Co., Ltd., Alibaba (Beijing) Software Services Co., Ltd., Beijing Huapin Boyui Network Technology Co., Ltd., Shanghai Shizhuang Information Technology Co., Ltd.
Co., Ltd., China UnionPay Co., Ltd., SF Express Co., Ltd., Olympus (Beijing) Sales and Service Co., Ltd., Yidu Cloud (Beijing)
Technology Co., Ltd., Philips (China) Investment Co., Ltd., Xiamen Meiyou Co., Ltd., Lantu Automotive Technology Co., Ltd., Zhongguancun Science and Technology
Xuecheng City Brain Co., Ltd., Xi'an Jiaotong University, Beijing Xiaoju Technology Co., Ltd., Lenovo (Beijing) Co., Ltd., Huawei Technologies Co., Ltd.
Limited Company, Guangxi Power Grid Co., Ltd.
The main drafters of this document are. Yao Xiangzhen, Hu Ying, Chen Shu, Gao Chao, Shangguan Xiaoli, Niu D, Chen Lin, Hao Chunliang, Bai Xiaoyuan, Li Weijing, Wang Xin,
Zhu Xuefeng, Sudan, Yu Dongsheng, Chen Yanru, Wang Hui, Jiang Wei, Yang Ting, Sun Shuo, Heng Fanxiu, Feng Sha, Zhang Chao, Huang Tianning, Wang Bin, Xu Yan, Liu Lei,
Li Lin, Zhe Ze, Liang Wentao, Zhang Lingzi, Huang Penghua, Wang Yang, Xu Qi, Wang Wei, Cheng Wenjing, Liu Jun, Li Shi, Zhang Lingcui, Li Fenghua, Yang Tao,
Shi Yuzhen, Liu Xiaocen, Gao Zhen, Luo Hongwei, Wang Pu, Gu Wei, Bian Le, Wei Zonghui, Liu Chaoping.
Data security technology
Security requirements for processing sensitive personal information
1 Scope
This document establishes the identification and definition of sensitive personal information, stipulates the general security requirements for the processing of sensitive personal information and the
Handling special security requirements.
This document applies to personal information processors who carry out sensitive personal information processing activities, and also applies to regulatory authorities and third-party assessment agencies.
Supervise, manage and evaluate sensitive personal information processing activities.
2 Normative references
The contents of the following documents constitute essential clauses of this document through normative references in this document.
For referenced documents without a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to
This document.
GB/T 35273 Information security technology Personal information security specification
GB/T 40660 Information security technology Basic requirements for biometric identification information protection
GB/T 41391 Information security technology Basic requirements for mobile Internet applications (Apps) to collect personal information
3 Terms and definitions
The following terms and definitions apply to this document.
3.1
Personal information
Any information relating to an identified or identifiable natural person recorded electronically or otherwise.
3.2
Personal information that, once leaked or illegally used, may easily cause infringement on a natural person’s personal dignity or endanger personal and property safety.
Note. Sensitive personal information includes biometrics, religious beliefs, specific identities, medical health, financial accounts, whereabouts, and information about minors under the age of 14.
Personal information of adults.
3.3
Organizations and individuals who independently decide on the purpose and method of processing personal information in personal information processing activities.
3.4
The natural person identified or associated with the Personal Information.
[Source. GB/T 35273-2020, 3.3]
3.5
Activities such as collection, storage, use, processing, transmission, provision, disclosure and deletion of personal information.
...
