EU General Data Protection Regulation (GDPR) will apply from May 25, 2018. It will affect the way that organizations covered by GDPR collect and manage the personal data of their customers and employees.
Under GDPR, any company that have an establishment in the EU or that offer goods or services to individuals in the EU when processing personal data of EU data subjects will need to meet new requirements.
As a provider of information and communications technology (ICT) infrastructure and smart devices, Huawei has been fully aware of our role in privacy protection, we take our corresponding responsibility seriously and has embedded the privacy protection requirement into the processes of our daily business activities.
Huawei complies with applicable privacy laws globally including GDPR. Huawei will ensure relevant business activities meet applicable GDPR requirements.
1. At Huawei, privacy protection is a top priority. We take a cross-functional approach to ensure an efficient implementation. Our long-established Global Cyber Security & User Privacy Protection Committee serves as the company's highest-level organization for managing cyber security and user privacy protection. The Global Cyber Security & Privacy Officer directly reports to the CEO. All of Huawei's business units have set up dedicated privacy-related roles and/or offices. Where required by the GDPR, we have appointed an EU Data Protection Officer (DPO).
2. Huawei adopts industry-recognized privacy protection methodologies and practices. To help business departments better identify and mitigate privacy risks in business activities, we have introduced the Privacy Impact Assessment process to evaluate our products and services a couple of years ago. Where required by the GDPR, we have (i) built a data inventory to maintain a record of processing activities; (ii) established a personal data breach emergency response mechanism. In the event that personal data is leaked, an emergency response team will be immediately set up based on the existing response process. To protect user privacy as much as possible, efforts will be made to reduce potential losses caused by data leaks and to ensure those influenced by leaks are well informed; (iii) reviewed and optimized our privacy protection requirements for suppliers‘ personal data processing activities covered by GDPR, and have built compliance requirements into our supplier management processes.
3. Huawei employees are continually trained on privacy compliance on a recurring basis, in which we take employee awareness of GDPR compliance very seriously, ensuring that every employee and partner covered by GDPR accurately and as needed for their particular functions and tasks understands data protection principles and strictly follows the applicable company's regulations and processes.
4. Huawei continues to pursue internationally-recognized certifications and accreditations, demonstrating compliance with the well-recognized international standards, such as ISO 27001, CSA STAR, ePrivacy Seal, etc.
5. To ensure compliance, our internal audit teams have completed thorough technical and process reviews.
At Huawei, GDPR compliance is only one part of the story. To us, privacy protection is not just a legal requirement; as a provider of information and communications technology (ICT) infrastructure and smart devices, protecting privacy is our social responsibility. We will continue to evolve and refine our products and services to ensure privacy and security, and to minimize customer and user exposure to risk.