Filed under gb-t-45574-2025
Every brief tagged "gb-t-45574-2025".
- § 01 · SENSITIVE-PERSONAL-INFORMATION
Seven Highlights of China's New Sensitive Personal Information Processing Standard — and What They Mean in Practice
GB/T 45574-2025 《数据安全技术 敏感个人信息处理安全要求》 (Data Security Technology — Security Requirements for Processing Sensitive Personal Information) is China's first dedicated national standard on sensitive personal information (敏感个人信息), effective 1 November 2025. Authored by Wang Yi, Zhao Yanming, and Zeng Lingwei of the Shenzhen Data Exchange DEXC+ program, this brief walks through the seven highlights the standard introduces: a recalibrated scope of what counts as sensitive personal information under PIPL, dynamic classification logic, a new linkage between sensitive-PI volume and the important data threshold, industry-specific and group-specific protections, data-security-maturity requirements, a model written-consent template, and tightened lifecycle obligations covering collection, storage, display, and audit. The operational takeaway for overseas counsel: the standard converts PIPL's high-level sensitive-PI obligations into testable, auditable requirements — compliance teams should treat it as the primary implementation guide for PIPL Article 28 and beyond.