Data Protection Compliance

In accordance with the Cyber security Law of People's Republic of China, General Data Protection Regulation of the European Union, and other applicable data protection laws and regulations of countries and regions across the world, ZTE has established a well-designed compliance system and conducted systematic risk control. For ZTE, data protection is not only a legal requirement, but also the building block of trustworthy and ethical business conduct.

ZTE has systematic compliance mechanism including organization system, rules system, agreements system, technical system, training system, and commercial affairs system. In terms of enterprise's core business, ZTE has established company-level standard regulations and domain-level compliance guidelines to support various functional units and to assist employees understand data protection requirements and implement them; as to the agreements system, ZTE has signed data processing agreement  and the Standard Contractual Clauses  with business partners promoting compliance and collaboration between customers and related parties. ZTE has also introduced the privacy by design through a pan-IT system which could help company's products and services become privacy-friendly from the outset. Meanwhile, ZTE has used technical measures such as encryption, anonymization, pseudonymization, double authentication, permission management, and access control to discipline personal data processing activities.

In 2019, all members of ZTE around the world has signed the "Data Protection Compliance Commitment", and took training to learn the "Data Protection Compliance Red Lines". Besides these, ZTE has established a professional Data Protection Compliance team, and conducted a special governance action for the illegal collection of personal information by the App. The data protection agreement review process is embedded, and a personal data breach and data subject rights response mechanism is established to comprehensively support data protection compliance risk management and control from systems, personnel, and processes.

ZTE focuses on core scenarios, and operates efficiently through data protection compliance architecture, and builds an end-to-end, closed-loop, and process-oriented data protection compliance system to comprehensively protect personal privacy and fully protect data security. At the same time, ZTE integrates the data protection concept into the product design and service provision process, takes data protection as an important connotation of the company's core competitiveness, and works with customers, suppliers and other partners to achieve excellence and sustainability under the premise of compliance.