The full text of the 12 data security national standards is here

The report of the 20th National Congress of the Communist Party of China is a theoretical guideline and action plan for the development of the party and the country in the new era . ”, “Strengthen the protection of personal information” , etc. "Data security" and "personal information protection" have been raised to unprecedented heights, and they are an important component of supporting the construction of a global linkage, three-dimensional and efficient national security protection system, and building a new security pattern in my country.

Technical standards are the "ruler" of safe construction. Recently, the State Administration for Market Regulation and the Standardization Administration of the People's Republic of China issued the National Standards Announcement of the People's Republic of China (No. 13, 2022), and 14 national cybersecurity standards under the jurisdiction of the National Information Security Standardization Technical Committee were approved for release, 12 of which involved data Safety and personal information protection, the full text of which has been officially released recently, including gait recognition, genetic recognition, voiceprint recognition, face recognition, smart cars, instant messaging, express logistics, online shopping, online payment, online audio and video, online car reservation, In the field of personal information security engineering and other fields , the data security requirements are explained in detail. In order to help the industry progress, Lianshi collected and sorted out the original text of the 12 national standards released this time for readers to learn and refer to.

Follow this account, private message the editor, and you can package and download the full-text PDF files of the 12 national data security standards.

Note: The original text of the standard comes from the website of the Central People's Government of the People's Republic of China (http://www.gov.cn/fuwu/bzxxcx/bzh.htm). If there is any infringement, please contact to modify or delete.

List of 12 national data security standards

serial number	standard encdoing	standard name
1	GB/T 41773-2022	"Information Security Technology Gait Recognition Data Security Requirements"
2	GB/T 41806-2022	"Information Security Technology Genetic Identification Data Security Requirements"
3	GB/T 41807-2022	"Information Security Technology Voiceprint Recognition Data Security Requirements"
4	GB/T 41817-2022	"Information Security Technology Personal Information Security Engineering Guide"
5	GB/T 41819-2022	"Information Security Technology Face Recognition Data Security Requirements"
6	GB/T 41871-2022	"Information Security Technology Automotive Data Processing Security Requirements"
7	GB/T 42012-2022	"Information Security Technology Instant Messaging Service Data Security Requirements"
8	GB/T 42013-2022	"Information Security Technology Express Logistics Service Data Security Requirements"
9	GB/T 42014-2022	"Information Security Technology Online Shopping Service Data Security Requirements"
10	GB/T 42015-2022	"Information Security Technology Network Payment Service Data Security Requirements"
11	GB/T 42016-2022	"Information Security Technology Network Audio and Video Service Data Security Requirements"
12	GB/T 42017-2022	"Information Security Technology Network Reservation Car Service Data Security Requirements"

"Information Security Technology Gait Recognition Data Security Requirements"

• Implementation date: 2023/5/1

• Standard number: GB/T 41773-2022

• Overview/requirements: This document specifies the security requirements for data processing activities such as gait recognition data collection, storage, transmission, use, processing, provision, disclosure, and deletion. This document is applicable to gait recognition data processors to standardize data processing activities, and regulatory authorities and third-party evaluation agencies to supervise, manage, and evaluate gait recognition data processing activities for reference.

"Information Security Technology Genetic Identification Data Security Requirements"

• Implementation date: 2023/5/1

• Standard number: GB/T 41806-2022

• Overview/requirements: This document specifies the security requirements for data processing activities such as collection, storage, use, processing, transmission, provision, disclosure, and deletion of genetic identification data and related information. This document is applicable to processors of genetic identification data and related information to regulate data processing activities, and can also provide reference for regulatory authorities and third-party evaluation agencies to supervise, manage, and evaluate genetic identification data processing activities.

"Information Security Technology Voiceprint Recognition Data Security Requirements"

• Implementation date: 2023/5/1

• Standard number: GB/T 41807-2022

• Overview/requirements: This document specifies the security requirements for data processors in the collection, storage, use, transmission, provision, disclosure, and deletion of voiceprint recognition data. This document is applicable to regulate data processors' voiceprint recognition data processing behavior.

"Information Security Technology Personal Information Security Engineering Guide"

• Implementation date: 2023/5/1

• Standard number: GB/T 41817-2022

• Overview/requirements: This document proposes the principles, objectives, stages, and preparations for personal information security engineering, and provides engineering guidelines for implementing personal information security requirements in the stages of demand, design, development, testing, and release of network products and services. This document is applicable to network products and services (including information systems) that involve personal information processing, and provides guidance for their simultaneous planning and construction of personal information security measures. It is also suitable for organizations to refer to when conducting privacy projects in the software development life cycle.

"Information Security Technology Face Recognition Data Security Requirements"

• Implementation date: 2023/5/1

• Standard number: GB/T 41819-2022

• Overview/requirements: This document specifies the general security requirements for face recognition data and the security requirements for specific processing activities such as collection, storage, use, transmission, provision, disclosure, and deletion. This document is applicable to data processors safely carrying out face recognition data processing activities.

"Information Security Technology Automotive Data Processing Security Requirements"

• Implementation date: 2023/5/1

• Standard number: GB/T 41871-2022

• Overview/requirements: This document specifies the general security requirements, off-vehicle data security requirements, cockpit data security requirements and management security requirements for vehicle data processors to collect and transmit vehicle data and other processing activities. This document is applicable to automobile data processing activities carried out by automobile data processors, applicable to the design, production, sales, use and operation and maintenance of automobiles, and also applicable to the supervision and management of automobile data processing activities by competent regulatory authorities and third-party evaluation agencies. and evaluation.

"Information Security Technology Instant Messaging Service Data Security Requirements"

• Implementation date: 2023/5/1

• Standard number: GB/T 42012-2022

• Overview/requirements: This document specifies the security requirements for data processing activities such as collection, storage, transmission, use, processing, provision, disclosure, deletion, and export of instant messaging services. This document is applicable to standardize data processing activities of instant messaging service providers, and can also provide reference for supervision, management, and evaluation of instant messaging service data processing activities by regulatory authorities and third-party evaluation agencies.

"Information Security Technology Express Logistics Service Data Security Requirements"

• Implementation date: 2023/5/1

• Standard number: GB/T 42013-2022

• Overview/requirements: This document specifies the security requirements for data processing activities such as collection, storage, transmission, use, processing, provision, disclosure, deletion, and export of express logistics services. This document is applicable to express logistics service providers to standardize data processing activities, and can also provide reference for regulatory authorities and third-party evaluation agencies to supervise, manage, and evaluate express logistics service data processing activities.

"Information Security Technology Online Shopping Service Data Security Requirements"

• Implementation date: 2023/5/1

• Standard number: GB/T 42014-2022

• Overview/requirements: This document specifies the security requirements for data processing activities such as collection, storage, transmission, use, processing, provision, disclosure, deletion, and export of online shopping services. This document is applicable to the standardization of data processing activities by online shopping service providers, and can also provide reference for regulatory authorities and third-party evaluation agencies to supervise, manage, and evaluate online shopping service data processing activities.

 

"Information Security Technology Network Payment Service Data Security Requirements"

• Implementation date: 2023/5/1

• Standard number: GB/T 42015-2022

• Overview/requirements: This document specifies the security requirements for data processing activities such as collection, storage, transmission, use, processing, provision, disclosure, deletion, and export of online payment services. This document is applicable to the standardization of data processing activities by online payment service providers, and can also provide reference for regulatory authorities and third-party evaluation agencies to supervise, manage, and evaluate online payment service data processing activities.

"Information Security Technology Network Audio and Video Service Data Security Requirements"

• Implementation date: 2023/5/1

• Standard number: GB/T 42016-2022

• Overview/requirements: This document specifies the overall requirements for data processing activities such as collection, storage, use, processing, transmission, provision, disclosure, and deletion of online audio and video services. This document is applicable to network audio and video service providers to regulate data processing activities, and can also provide reference for regulatory authorities and third-party evaluation agencies to supervise, manage, and evaluate network audio and video service data processing activities.

"Information Security Technology Network Reservation Car Service Data Security Requirements"

• Implementation date: 2023/5/1

• Standard number: GB/T 42017-2022

• Overview/requirements: This document specifies the security requirements for data processing activities such as collection, storage, use, processing, provision, disclosure, and export of online car reservation services. This document is applicable to the standardization of data processing activities of online car reservation service providers, and can also provide a reference for regulatory authorities and third-party evaluation agencies to supervise, manage, and evaluate online car reservation service data processing activities.

Follow the account, private message the editor, and you can package and download the full-text PDF files of the 12 national data security standards.