ZTE has established the principle of“following global regulations and multi-dimensional penetrating governance”. ZTE has carried out a series of systematic construction in terms of organization, rules, agreements, training, commercial affairs, etc., which extends the rights and obligations of data subjects, data controllers, and data processors to product design, management internal control, and service delivery. In the implementation of its operations, the realization of data protection in ZTE's scene penetration and practical use, and promote the deep absorption, rotation and integration of compliance in the corporate governance system.
With regard to the organizational system, ZTE has established an organizational model of "professional team support, compliance defense control, and multiple internal and external synergistic operations." The company has a full-time data protection officer, and has deployed compliance directors / product safety directors at the company's headquarters various business areas, and subsidiaries to form a vertically integrated, coordinated and complete risk prevention and control operation structure.
Regarding the rule system, ZTE has established a structure of "policy, manual, principled norms, and scenario-based guidelines" to guide various departments to identify and respond to data protection risks in business activities based on scenarios. Through systematic rule building, provide comprehensive compliance guidelines and standard specifications to ensure that functional units and employees can easily understand and implement data protection requirements.
In terms of the agreement system, ZTE has focused on promoting the signing of legally binding agreements, and has extensively signed data processing agreements, data transferring contracts, notification letters, authorization letters, etc. with various parties, forming a data protection agreement risk control system. In terms of the training system, ZTE has established an integrated closed-loop mechanism for curriculum development, training implementation, and effect verification, which promotes compliance awareness and ability improvement of employees in multiple dimensions. Curriculum development, through all-member courses and key area courses. Matching with special topic promotion; the training implementation side adopts the general knowledge + business layered training mode, giving full play to the role of the full-time compliance director of each unit to achieve global and full coverage.
In relation to the commercial system, ZTE has embedded the key points of data protection compliance into the commercial activity process, and has developed a complete compliance guidance suite for commercial activities such as major exhibitions, forums, and product launches. Before the event, analyze the risk points and countermeasures, formulate supporting privacy notices, and clarify the personal data retention and destruction strategies; during the event, strictly operate in accordance with the scope and guidelines for personal data collection, and fulfill transparency obligation through privacy notice in applicable scenarios; after the event, conduct personal data inspection, handover, deletion, etc.