【Personal Data Breach Response】
We have set up a personal data breach response mechanism based on rapid multi-party cooperation, which defined our work procedures by IT-based management and control system . And we have developed a supporting information system based on the specialized event reporting system. So that we can track and record the entire emergency response process to meet internal and external potential document retrieval and evidence submission needs. In the meantime, data breach emergency drills have been organized on an irregular basis to strengthen the verifiability of job responsibilities and emergency response mechanisms, fully preventing data breach and handling data breach in an efficient and rational way.
To ensure the implementation of personal data breach policies and measures, we have set up data protection audit mechanisms and violation reporting channels. Through the work of our full-time compliance audit team, self-inspection audits have been incorporated into our internal control assurance system to perform regular audits to promote the normal cycle of cultural development, resource investment, process re-engineering, and capacity improvement. With no data protection violation incidents occurring throughout the year of 2019, we have effectively safeguarded the personal data security of data subjects.
【Personal Data Right Response】
We have set up a data subject right response mechanism based on rapid multi-party cooperation, which defined our work procedures. Data subject can respond effectively when he/she exercises their data subject right through the Online Application Entrance. To be specific, a professional internal process response system has been built through IT-based tools, so that compliance experts and Data Protection Officer can participate in the process and meet the requirement of quickly responding requirement to data subjects. In the meantime, we can track and record the entire response process to meet internal and external potential document retrieval and evidence submission needs.
Data subject can contact the Data Protection Compliance Dept. of the ZTE via the Online Application Entrance directly. At the same time, the system will ensure the security of the personal data during the process. Based on the IT-based data subject rights response system, ZTE provides data subjects with high-quality interactive experience, improves social trust with good compliance behavior.
【Data Protection Impact Assessment】
For new products, new technologies and major product service changes, to ensure that the personal data processing process meets the international data protection compliance requirements, ZTE through IT online evaluation tools , adopts the Data Protection Impact Assessment method to carry out data protection risk assessment .
In practice, we have adopted the data protection impact assessment process to promote risk analysis and take related risk control measures in R&D, sales, operation, maintenance, and other main business processes. In the R&D stage, for example, we conduct Data Protection Impact Assessment of the personal data in order to analyze the security measures in respect of permissions, logs, encryptionand anonymity that have been taken to guarantee the safety of personal data. Before data processing and transfer, the evaluatation concerning the requirements of the relevant national laws has to be carried out, applicable international rules must be identified and corresponding obligations must be fulfilled.