Data Protection Compliance

ZTE carries out data protection compliance work in strict accordance with laws and regulations, and incorporates requirements into business activities to win customers' trust and build a compliance brand. In addition, ZTE earnestly explores innovative compliance solutions while actively learning from first-class data protection compliance practices. Based on its global risk management and control, ZTE makes great efforts to turn compliance investment into customers' trust in its products and services.

• ZTE Data Protection Rules System: ZTE has established company-level data protection rules that comply with the Personal Information Protection Law of the People's Republic of China, the General Data Protection Regulation (GDPR) of Europe, and other applicable data protection laws and regulations. To build a risk-oriented compliance management system for data protection, ZTE not only performs compliance management in a top-down manner, but also incorporates scenario-based compliance rules into business activities to match the actual business.

• Data Protection into Product Design: ZTE implements special governance for key business and countries, and incorporates data protection requirements into product design, service delivery, and internal control and management to promote the integration of compliance management with business, and support product innovation with compliance. Specifically, ZTE formulates relevant compliance policies, manuals, and guidelines, optimizes management and control processes, and promotes the incorporation of compliance into business. Business units strictly implement compliance requirements, and fully disclose, continuously reduce, and jointly handle various risks. All employees respect the rules, take the initiative to provide suggestions, and participate in the building of a compliance management system.

• Digital Transformation of Compliance Management: ZTE actively adopts applicable technologies and measures for data protection, and promotes the digital transformation of compliance management through the reconstruction of IT systems, introduction of professional tools, and improvement of technical solutions. By incorporating the tools, solutions and IT systems, such as Privacy Center, Data Compliance System, App Privacy Compliance Scanning Tool, Product Compliance Review System, etc., into the existing management processes and operation systems, the company ensures that all procedures of data processing can be recorded, queried, traced, and verified, thus achieving comprehensive, integrated, and automatic management and control.

Internally, ZTE forms a set of good practice cases of data protection implemented by business units, involving organizational measures, technical measures, and compliance control measures. The publicity of such cases promotes the exchange and learning of the compliance methods and control measures among different business units of the company, so that the data protection compliance measures are continuously optimized. ZTE encourages business units to implement data protection rules based on their own business characteristics, so as to generate a large number of good practices for personal information protection, accumulate practical experience, strengthen the compliance foundation in business, and eventually enhance the overall data  protection capabilities of ZTE. Externally, ZTE is actively promoting the co-building of data protection with industry partners. To be specific, the company takes data protection as a consensus to be reached during cooperation with relevant parties, such as customers, suppliers and business partners, etc. While ensuring compliance of ZTE's products and services, ZTE has worked together with all parties to build a sound data protection compliance ecosystem across industries.