Transparency
Huawei is open and transparent to regulators, customers, and consumers in terms of personal data processing and end-to-end privacy protection methods. Information use policies should be transparent to users. Users should be able to appropriately control when and if they want to receive information based on their own individual needs.
Privacy Protection and GDPR Compliance
The EU's General Data Protection Regulation (GDPR) came into force on May 25, 2018. The GDPR affects the ways in which GDPR-applicable companies collect and manage their customers' and employees' personal data. The GDPR not only applies to organisations located within the EU but also applies to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects.
As an ICT infrastructure and smart device provider, Huawei has always attached great importance to privacy protection and taken corresponding responsibilities solemnly. Huawei has incorporated privacy protection requirements into the processes of daily business activities.
Huawei complies with globally applicable privacy laws, including the GDPR. Huawei will ensure that relevant businesses comply with applicable GDPR requirements.
1. Huawei attaches great importance to privacy protection. To ensure effective implementation of privacy protection requirements, we adopt cross-department collaboration. The established Global Cyber Security and User Privacy Protection Committee (GSPC) is the highest management organization for corporate cyber security and user privacy protection. The Global Cyber Security & Privacy Officer (GSPO) is responsible to the CEO. All business units of Huawei have dedicated privacy-related roles and/or organizations. According to GDPR requirements, we have also appointed a Data Protection Officer (DPO) for the EU.
2. Huawei adopts the privacy protection approaches and practices recognized by the industry. To help business departments better identify and mitigate privacy risks in business activities, we have introduced the PIA approach several years ago to assess our products and services. In GDPR-applicable business scenarios, we (1) create a personal data inventory to maintain personal data processing records and (2) set up an emergency response mechanism for personal data breaches. Once a personal data breach occurs, Huawei will immediately set up an emergency team based on the response process. To protect user privacy to the maximum extent, we try our best to minimize the loss caused by personal data breaches and ensure that persons affected by data breaches are appropriately informed. In addition, we (3) have reviewed and optimized privacy protection requirements for personal data processing activities of suppliers subject to the GDPR, and incorporated compliance requirements into the Manage Supplier process.
3. Huawei regularly provides privacy compliance training to employees, and attaches great importance to improving the GDPR compliance awareness of employees to ensures that every employee and partner involved in the GDPR can accurately understand the legal principles of data protection based on their specific work and functions, and strictly implement the company's applicable systems and processes.
4. Huawei has continuously obtained international certifications and accreditations such as ISO 27001, CSA STAR, and ePrivacy Seal, demonstrating Huawei's compliance with recognized international standards in the industry.
5. To ensure compliance, our Internal Audit Dept has completed a comprehensive review of technologies and processes.
For Huawei, GDPR compliance is only part of Huawei's privacy protection. Privacy protection is not only a legal requirement, but also a social responsibility of Huawei as an ICT infrastructure and smart device provider. We will continuously improve and optimize our products and services to ensure security and privacy and reduce customer and user privacy protection risks.
White Papers
Huawei will continuously demonstrate and elaborate on our privacy protection governance practices.
