Privacy Protection Safeguards Digital Innovation: Huawei Shares Its Privacy Protection Governance Framework and Practices
[Singapore, July 16, 2019] The IAPP Asia Privacy Forum 2019 was hosted by International Association of Privacy Professionals (IAPP) in Singapore on July 15-16, 2019. In attendance were officials from data protection regulators in countries and regions such as Singapore, the Philippines, India, Japan, and Hong Kong, as well as privacy protection opinion leaders, experts, and scholars from around the world.
Since the General Data Protection Regulation (GDPR) took effect over one year ago, more than 370,000 organizations have set up registered data protection officers, and privacy protection has drawn wide attention. Companies now attach more importance to user privacy protection. Kevin Wang (privacy protection owner, Huawei GSPO Office), Fabrice Naftalski (Global Head of Data Protection, EY), Dr. Zhong Lin (partner, EY Chen & Co), and Shawn Li (DPO, L'Oréal China) delivered the speech entitled "When the GDPR Meets Chinese Data Protection Compliance: Privacy Protection Governance Framework and Practices", focusing on the discussion of compliance strategies and solutions for personal data protection in different judicial systems.
From left to right: Fabrice Naftalski, Kevin Wang, Shawn Li, Dr. Zhong Lin
The speakers together demonstrated the similarities and differences between EU and China's privacy protection laws and regulations, analyzed the challenges faced by multinational companies in complying with personal data protection laws, and provided feasible solutions and suggestions for personal data protection compliance based on companies' privacy protection governance experience.
Kevin Wang said that Huawei's privacy protection practices cover the management and operation mechanism of personal data throughout its lifecycle. These practices integrate the Privacy by Design and Privacy by Default concepts into business processes and ensure transparency in the collection and use of personal data in business activities. Huawei has developed a set of globally applicable personal data protection principles based on the GDPR and Generally Accepted Privacy Principles (GAPP) in the privacy protection field and has localized these principles. In addition, Huawei ensures that privacy protection activities can be effectively implemented and supervised through the top-down organizational governance structure. Huawei actively responds to privacy law changes, consumer expectations, and customer requirements. Huawei's privacy protection organization continuously interprets and breaks down privacy protection requirements into business control requirements, and implements and optimizes these requirements in the existing business process system.
How international companies establish and implement an efficient privacy protection compliance governance framework was the focus of attention at the forum, during which participants held extensive and in-depth discussions.