1.Personal Data Right Response
We have set up a data subject right response mechanism based on rapid multi-party cooperation. Data subjects can be responded to effectively when the data subjects exercise their data subject right through the Online Application Entrance. To be specific, a professional internal process response system has been built through IT-based tools, so that compliance experts and the Data Protection Officer can participate in the process and meet the requirement for quickly responding to data subjects. In the meantime, we can track and record the entire response process to meet potential internal and external document retrieval and evidence submission needs.
The data subjects can contact the Data Protection Compliance Dept. of ZTE via the "Data Subject Right Response System" directly. At the same time, the system will ensure the security of personal data during the process. Based on the IT-based data subject right response system, ZTE provides data subjects with a trustworthy, high-quality interactive experience.
2.Personal data breach response
ZTE set up a personal data breach response mechanism based on rapid multi-party cooperation. ZTE specified the response procedures and manages them through the "Personal Data Breach Response System" designed by experts to track and record the entire emergency response process to meet potential internal and external document retrieval and evidence submission needs. In the meantime, data emergency drills have been organized on an irregular basis to strengthen the verifiability of job responsibilities and emergency response mechanisms, avoiding data breaches and handling data breaches efficiently and rationally.
To ensure the implementation of personal data breach policies and measures, ZTE has data protection audit mechanisms and violation reporting channels. Through the work of our full-time compliance audit team, self-inspection audits have been incorporated into ZTE’s internal control assurance system to perform regular audits to promote the virtuous cycle of cultural development, resource investment, process re-engineering, and capacity improvement.
3.Data & Privacy protection impact assessment
To ensure that new products, new technologies, and major product service changes meet the international privacy protection compliance requirements, ZTE adopted the Data & Privacy Protection Impact Assessment method to carry out privacy protection risk assessment through IT online evaluation tools.
In practice, ZTE adopted the Data & Privacy Protection Impact Assessment process to promote risk analysis and take related risk control measures in R&D, sales, operation, maintenance, and other main business processes. During the R&D phase, ZTE conducts the Data & Privacy Protection Impact Assessment of the personal data in order to analyze the security measures concerning permissions, logs, encryption, and anonymity that have been taken to guarantee the security of personal data. Before data processing and transfer, the evaluation concerning the requirements of the relevant national laws has to be carried out. Applicable international rules must be identified and corresponding measures must be taken to lower the risks.