Strengthening the Protection of Personal Information in China - National Standard Overhaul

The 2017 Specification has been the core national standard used to guide legal entities to collect, store and transfer personal information legally and compliantly

On March 6, 2020, the State Administration for Market Regulation and the Standardization Commission of China jointly promulgated the Information Technology – Personal Information Security Specification (Document No. GB/T 35273—2020) (信息安全技术个人信息安全规范) (the 2020 Specification). The 2020 Specification will become effective in October 2020 and replace the Personal Information Security Specification promulgated in 2017 (the 2017 Specification). The 2017 Specification has been the core national standard used to guide legal entities to collect, store and transfer personal information legally and compliantly.

It has been revised over the years to reflect the changing demands of the public and the fast development of digital processes. The draft version of the 2020 Specification was published by the National Information Security Standardization Technical Committee in February 2019. Subsequently, the first and second draft for comments versions were published in June and October of 2019, respectively.