The national standards GB/T 35273-2017 of the Information Security Technology – Personal Information Security Specification (the “Specification”) formulated by the National Information Security Standardization Technical Committee has come into effect as of May 1, 2018. The Specification mainly targets at the personal information controllers and provides detailed guidelines for the collection, retention, use, sharing, transfer and public disclosure of personal information with more than 130 specific measures for personal information protection. In particular, the Specification provides specific implementing standards for the “scope of personal information and sensitive personal information” and “legitimacy and minimization requirement”, the mode of express consent and formation of privacy policy, offering best practices guides to the enterprises. Each enterprise may review the legitimacy of processing personal information, formulate privacy policy and establish user information protection system according to the Specification. 

(Source: Zhong Lun Publications)