Professional Documents
Culture Documents
Cyber Security and Privacy Protection-Courseware-20210907
Cyber Security and Privacy Protection-Courseware-20210907
1 Huawei Confidential
Contents
Huawei Confidential 2
More emphasis on cyber security
Cyber security is no longer just a technical issue, but a legal and political as
well. We must address the political risk and legal consequences caused by
cyber security issues which could lead to harm the company.
Cyber security issues may create customer concerns about Huawei products
and solutions, affecting sales. We need to ensure customer trust in Huawei's
security, address their concerns, and remove sales barriers.
Cyber security issues are becoming more complex in the new era, presenting
more complex challenges. There is an increasing need for public and private
partnerships. Huawei is engaging governments more broadly on the topic of
cyber security.
Huawei Confidential 3
Cyber security and privacy protection trends in the new era
Huawei Confidential 5
Geopolitics and 5G: Tougher external environment and mounting security
challenges
• Mar 26, 2019: European Commission released its "Recommendation •
South Korea
The Ministry of Information and Communication has • Nov 2019: The Globe and Mail reported
EU on Cybersecurity of 5G networks" had substantial interference in 5G projects. SKT and that the federal government said it would
• Mar 12, 2019: European Parliament passed the European KT have excluded Huawei from the 5G vendor list. not rule out barring Huawei from supplying
Cybersecurity Act, establishing an EU framework for cybersecurity
equipment for Canada's next-gen 5G
certification • Dec 2019: Ministry of Internal Affairs and Canada mobile networks
Denmark • Mar 2019: TDC picked Ericsson over Huawei for its 5G network and Communications essentially banned the government • Dec 2019: Trudeau Government again
will replace Huawei's 4G network with Ericsson's equipment from purchasing telecom products from Chinese dismissed US security warnings against
Japan
vendors using Huawei equipment in Canada's next-
• Chairman of the Norwegian Communications Authority (Nkom) said • Mar 29, 2019: Chief Cabinet Secretary: "We will not gen wireless networks
Norway whether or not to ban Huawei like its allies was a political issue require that specific countries and enterprises be • Mar 2020: US-Canada trade tensions
excluded from the next-gen 5G technology" intensified
Huawei Confidential 6
Contents
Huawei Confidential 7
Huawei's cyber security vs. baseline of industry-standard cyber security
In the industry, cyber security is understood as carrying and protecting data/privacy with robust
networks and defending against hacking. Huawei extends cyber security baseline to cover evidences
proving that we are not a security threat
Business continuity
Exploiting vulnerabilities and network Suspected of exploiting "backdoors"
Hackers Huawei
robustness
Confidentiality Data/User Political aspect: dispel doubt
Integrity privacy Legal aspect: prove Huawei is not a security threat
Availability
Traceability
Counterattack
Industry-standard cyber security Prove that Huawei is not a security threat
Huawei Confidential 8
Cyber security milestones at Huawei
Providing trustworthy
products and solutions to
E2E security assurance help customers build
system resilient networks
• Made cyber security Huawei's top
• Issued Mr. Ren's Statement on
priority
Establishing a Global Cyber
Security Assurance System • Released Mr. Ren's open letter to all
Product security Security mgmt in Huawei employees: Comprehensively
• Established the Global Cyber
& solution R&D processes Enhancing Software Engineering
Security and User Privacy
Capabilities and Practices to Build
security • Established the Network Protection Committee (GSPC)
Trustworthy, Quality Products
Security Engineering • Appointed the Global Cyber
• Released 1st batch of • Opened the Huawei Cyber Security
Technology Committee Security Officer (GCSO)
security technical Transparency Centre in Brussels
to build security into
specifications. Started to • Established the Internal Cyber
focus on product security.
R&D • Initiated the software engineering
Security Lab (ICSL)
transformation program
• Established the Network • Released the CERT process
Security Solution Dept
• Built the E2E security assurance
under R&D to design
system, incl. strategies, policies,
security solutions.
processes, baseline, etc.
Huawei Confidential 9
Cyber Security 2.0: Security as part of our business competitiveness to create
value for customers
Comply with laws and regulations. Lead standards development and increase trust. Translate
security into a core competitive advantage of Huawei products, solutions, and services.
Cyber Security 1.0 (reactive) Cyber Security 2.0 (proactive)
Building basic quality and Proactively creating and sharing
ensuring Huawei is secure value
Value to customers: We share the same goal as our customers, which is to build cyber security
and resilience, address cyber security risks, and ultimately contribute to a fully
connected, intelligent, and secure world.
Huawei Confidential 10
Huawei's Cyber Security Framework 2.0: Helping customers build
network resilience by using trustworthy and independently verified
products and solutions
Customers, governments
technology, industry,
supply chain, etc.
5G Cloud IoT Video Safe city Device • NIST CSF IPDRR and BSI trustworthy
Ecosystem software model
service
partners • Invest US$2 bn to improve software
engineering capabilities
… Collaboration
Wireless Switch Transmission Server Storage Smartphone … • Work with the best partners to deliver the
most comprehensive security solutions
Basic quality, engineering, and technology and services
• Strengthen cooperation and trust with key
Culture, organization, and talent external stakeholders
Compliance
Huawei Confidential 11
PACD's objectives, role, and responsibilities in cyber security
Objectives: Gain the trust in countries; partner with Responsibilities of the PACD GA CSPP team
governments and industries to explore new ways to tackle • Planning: Generates insights into CSPP trends in key
security risks posed by new technologies; identify countries and regions; develops PACD's annual plans on
discriminatory provisions/hidden rules; remove sales the CSPP topic.
barriers; and support business growth. • Policy: Develops Huawei policies, position papers,
presentations, and other documents on CSPP for
government stakeholders; helps local teams develop
solutions for trust around CSPP with their government
Role: PACD is the owner for managing relationships with stakeholders.
the media and governments, including government- • Ecosystem: Engages with standards organizations,
backed industry organizations. We need to win industry associations, think tanks, etc. Makes them an
government and media's trust in Huawei's cyber security and effective alliance to influence policy on CSPP and
privacy protection. catalyzes consensus between Huawei, governments, and
the broader industry.
• Public opinion: Develops messaging materials for the
Responsibilities: Manage PR risks, earn government trust, media on CSPP, including text, videos, and websites.
build a positive image, and establish competitive advantages. Actively promotes Huawei's messages at international
Take responsibilities for the results of business forums and in the media, proactively presenting a positive
environment improvement for rep offices. image of Huawei on the CSPP issue.
Three aspects of PACD's role: (1) gaining insights into policy • Crisis communications: Develops messages for crisis
environments (similar to Marketing roles); (2) managing communications for governments and the media, and
stakeholder relationships (similar to account manager roles); coordinates with other departments on strategies to control
(3) managing solutions (similar to solution manager roles). the spreading and escalation of crises.
Huawei Confidential 12
Contents
Huawei Confidential 13
Country classification Country-specific insights Stakeholder mgmt
Huawei Confidential 14
Country classification Country-specific insights Stakeholder mgmt
Assessment and
Maintenance and
preparation Execution and monitoring
enhancement
1. External environment
insights
Y
① Local govt's strategic
requirements and concerns
② Local cyber security
maturity level 3. Develop a 6. Maintain customer
5. Develop a comms relationships
comms strategy 4. Determine
plan and content ① Clarify customer requirements
(obtain AT/ST comms objectives
①The plan should include by customer segment and meet
N approval) ① Stakeholder their requirements wherever
comms time, audiences,
① map possible.
2. Internal cyber security key steps, and expected ② Establish a customer
insights Proactive/reactive ② Stakeholders' relationship database and maintain
outcomes.
① Does Huawei meet local response attitude towards good customer relations.
② Comms content should ③ Fully communicate with
strategic requirements? ② Local or global Huawei
include KMs. customers to avoid
② Is cyber security an communication misunderstanding.
advantage or disadvantage
for Huawei in the country? Y
Huawei Confidential 16
Country classification Country-specific insights Stakeholder mgmt
01 02 03 04 05 06 07
Strategy Organization Policy Law Methodologies Technical International
& Measures strength cooperation
Has your Does your Has your Has your country Has your How much has Has your country
country or country or country or or organization country or your country or or organization
organization organization organization passed a law on organization organization maintained open
established a have a developed a cyber security? Is identified risks invested in dialogues,
cyber security dedicated team policy on cyber it effectively and taken technology and communications,
strategy? Is it of responsible for security? What enforced? necessary capacity and collaboration
strategic cyber security? content is methodologies building? globally or with
importance? Who do they included in this or measures? external
report to? policy? organizations?
Huawei Confidential 17
Country classification Country-specific insights Stakeholder mgmt
Huawei Confidential 18
Country classification Country-specific insights Stakeholder mgmt
Identify and analyze opportunities Penetration rate and user base: mobile, fixed-line, MBB, and FBB
Identify high-value customers Market share, revenue, and financial condition of major carriers
Status quo of the ICT industry
in the country
Identify product lines with high Development of major technologies: wireless and wired networks and
growth potential transmission
ICT market size and trends in 5–10 years (Carrier BG, Enterprise BG, and
Where do opportunities lie
Consumer BG)
Huawei's presence in the local The current market share and the Carrier, Consumer, Enterprise BGs: size, market share, investment,
market target market share competitors, and Huawei's position
Huawei Confidential 19
Country classification Country-specific insights Stakeholder mgmt
Goal
Effectively communicate to build advantages or remove barriers
Support
Y N
Implementation Develop and execute strategy Continue to monitor the policy environment
Huawei Confidential 20
Country classification Country-specific insights Stakeholder mgmt
WHO: Identify stakeholders, create a stakeholder map, and identify key roles
Develop
Manage and Build
Identify
stakeholder implement mutual
stakeholders
relationships communica trust
tion plans
Key stakeholders
Huawei Confidential 22
Contents
Huawei Confidential 23
Confident
Trust building Knowledge map
communications
24 Huawei Confidential
Confident
Trust building Knowledge map
communications
WHAT (1): Cyber security is not just a crucial corporate strategy; it is the
company's top priority
"Building and fully implementing a global, end-to-end cyber security assurance system will be one of Huawei's
crucial strategies…Huawei will work with governments, customers, and industry partners in an open and
transparent manner to tackle cyber security challenges...In addition, Huawei guarantees that its commitment to
cyber security will never be outweighed by commercial interests."
—Statement on Establishing a Global Cyber Security Assurance System
As a company, cyber security and privacy protection are our top priorities. We are committed to building
trust and high quality into every ICT infrastructure product and solution we develop.
—An open letter to all Huawei employees
Over the past 30 years, Huawei's products have been used in more than 170 countries and regions, serving more than 3 billion users in
total. We have maintained a solid track record in security. Huawei is an independent business organization. When it comes to cyber
security and privacy protection, we are committed to siding with our customers. We will never harm any nation or any individual.
Huawei Confidential 25
Confident
Trust building Knowledge map
communications
Problem and
Delivery service Manufacturing and
Auditing Traceability vulnerability Third-party suppliers
security logistics
solving
Internal audits Software: 1 hour Product Security 3 approvals ISO 28000, C-TPAT, Security agreements
Incident Response Secure remote access TAPA, etc. with 3,855 suppliers
Third-party audits Hardware: 4 hours
Team (PSIRT) platform Auto test equipment
Supplier qualification
Customer audits Responsible disclosure Cyber security work (ATE)
certificate Digital signature Testing of incoming
materials
Huawei Confidential 26
Confident
Trust building Knowledge map
communications
Regional/BG/BU CSOs
Cyber Security and Privacy
PACD
P&S / 2012 Labs Cyber
Protection Lab (CSPL)
Netherlands CSO
Legal Carrier BG
Germany CSO
Australia CSO
Security Office
Security Office
Security Office
Canada CSO
France CSO
MKT Cyber Security Office security strategies and plans and drive
UK CSO
US CSO
implementation.
……
Regions Enterprise BG
CHR
Cyber Security Office • Work with the GSPO to identify
Consumer BG changes to departmental/BG/BU
BP&IT Cyber Security Office processes so that the cyber security
Audit strategy and its requirements are fully
embedded into their processes.
Huawei Confidential 27
Confident
Trust building Knowledge map
communications
WHAT (4): Cyber security strategies, plans, governance mechanisms, accountability system,
and supporting technologies that are integrated, seamless, replicable, and auditable
Charter
Concept
Long-term ISO 21434 ISO 17025
requirements
Plan
SPs/BPs
requirement Develop Verify Release Lifecycle Process
ISO 30111 BC IA
Collect
Owner
Security Verification
Roadmap ISO 29147
Standards/ Security Best Practice
Mid-term
requirement Planning
Customer
Customer
Process
Design
ISO 27001
Sell it right. Legally LTC Process
(SOD/KCPs)
Risk
compliant
R&D security baseline Compliance
Acceptance
Manage Lead Manage Opportunity Manage Contract Fulfillment Testing
Set requirement
ISO 22301
SD /ITR Process Sales mgmt
baseline
Monthly
Sales management Consulting & ISO 27017
Network Design, Roll-out and System Assessment
Huawei Confidential 28
Confident
Trust building Knowledge map
communications
Huawei Confidential 30
Confident
Trust building Knowledge map
communications
Sharing product
CII security/enterprise Exchanges on new
evaluation
security services ICT technologies
reports
Huawei Confidential 31
Confident
Trust building Knowledge map
communications
Best practice sharing: Signing agreements with Indonesia and the Arab
League
On March 29, 2021, the Ministry
On January 12, 2021, the
of Foreign Affairs of China
Cyberspace Administration of
signed the
China signed an
China-League of Arab
MoU on cyber security States Cooperation
cooperation Initiative on Data Security
with the Cyber and the Encryption with the General Secretariat of
Agency of Indonesia the League of Arab States
(LAS)
〉 Regulators on both sides are encouraged to share cyberspace 〉 States should handle data security in a comprehensive, objective and
governance information, including cyberspace-related laws, legislation, evidence-based manner, and maintain an open, secure and stable
regulations, and governance policies. supply of global ICT products and services.
〉 China and Indonesia share ideas, experiences, and best practices on 〉 States should stand against ICT activities that undermine other States'
critical information infrastructure protection, data security management, security and public interests, and oppose unauthorized collection of
personal information protection, and cyber threat responses and personal information of other States with ICTs as a tool.
cooperation. 〉 States should respect the sovereignty, jurisdiction and governance of
〉 The two nations engage in dialogs, mutual visits, and capacity building on data of other Sates, and shall not obtain data located in other States
cyber security issues among stakeholders, including governments, through companies or individuals without those other States'
institutions, academia, and businesses to promote mutual trust and permission.
cooperation in terms of data security.
Takeaway: Creating social value and strengthening Takeaway: Member states are willing to sign agreements at the
relationships with local governments is the foundation of our LAS level, but are hesitant to sign them individually.
work.
https://www.fmprc.gov.cn/mfa_eng/wjdt_665385/2649_665393/t1865098.shtml
Huawei Confidential 33
Confident
Trust building Knowledge map
communications
Huawei Confidential 34
Confident
Trust building Knowledge map
communications
Huawei Confidential 35
Confident
Trust building Knowledge map
communications
Executive Support
Company CEO/vice presidents
Global Cyber Security & Privacy Officer (GSPO)
Director of the Global Government Affairs Dept
Director of the GSPO Office
Cyber Security Officers (CSOs) in local offices
Huawei Confidential 36
Confident
Trust building Knowledge map
communications
Brussels, Belgium
Banbury, UK
Bonn, Germany
Toronto, Canada
Rome, Italy
Dongguan, China
Dubai, UAE
Global
Regional
Communication, Innovation, and Verification
Huawei Confidential 37
Confident
Knowledge map
communications Trust building
http://w3.huawei.com/mypacd/#!pacd/document/view/showOnlineBrowser.html?jalorNode=documentManager&codeItem=102&fileId=37169&f ileType=5&selectAttId=32742
• Q&A for the 2019 hearing in France 6&isDoc=1&propertyId=111&attType=other&activeId=&selDisplay=true&isActDoc=false&source=file&keyWord=&clsca
http://w3.huawei.com/mypacd/#!pacd/document/view/showOnlineBrowser.html?jalorNode=documentManager&codeItem=102&fileId=68329&f ileType=5&selectAttId=56930
Cyber • KMs for the 2019 hearing in France 0&isDoc=1&propertyId=111&attType=other&activeId=&selDisplay=true&isActDoc=false&source=file&keyWord=&clsca=5003,5027
security http://w3.huawei.com/mypacd/#!pacd/document/view/showOnlineBrowser.html?jalorNode=documentManager&codeItem=102&fileId=68330&f ileType=5&selectAttId=56930
hearings • Q&A for the hearing in South Korea 4&isDoc=1&propertyId=111&attType=other&activeId=&selDisplay=true&isActDoc=false&source=file&keyWord=&clsca=5003,5027
http://w3.huawei.com/mypacd/#!pacd/document/view/showOnlineBrowser.html?jalorNode=documentManager&codeItem=102&fileId=68335&f ileType=5&selectAttId=56932
• KM list for the 2019 hearing in Brazil 9&isDoc=1&propertyId=111&attType=other&activeId=&selDisplay=true&isActDoc=false&source=file&keyWord=&clsca=5003,5027
http://w3.huawei.com/mypacd/#!pacd/document/view/showOnlineBrowser.html?jalorNode=documentManager&codeItem=102&fileId=68336&f ileType=5&selectAttId=56933
• Q&A list for the 2019 hearing in Brazil 3&isDoc=1&propertyId=111&attType=other&activeId=&selDisplay=true&isActDoc=false&source=file&keyWord=&clsca=5003,5027
Huawei Confidential 38
Confident
Knowledge map
communications Trust building
• 2016: It is time for real progress in addressing supply chain risks https://www-file.huawei.com/-/media/corporate/pdf/cyber-security/the-global-cyber-security-challenge-en.pdf?la=en
Cyber security
white papers
• Huawei 5G Cyber Security White Paper (the fourth one released on https://www-file.huawei.com/-/media/corporate/pdf/trust-center/huawei-5g-security-white-paper-4th.pdf
May 31, 2019)
http://w3.huawei.com/mypacd/#!pacd/document/view/showOnlineBrowser.html?jalorNode=documentManager&codeItem=-
100&fileId=21558&fileType=5&selectAttId=167968&isDoc=1&propertyId=111&attType=other&activeId=&selDisplay=false&source=file&ke yWord=Communication%
• Communication with Government on 5G Security (slide deck) 20with%20Government%20on%205G%20Security%20(slide%20deck)&uniStr=null
• Key Messages and Q&A Regarding Huawei's 5G Security http://w3.huawei.com/mypacd/#!pacd/document/view/showOnlineBrowser.html?jalorNode=documentManager&codeItem=-
100&fileId=21558&fileType=5&selectAttId=167971&isDoc=1&propertyId=111&attType=other&activeId=&selDisplay=false&source=file&ke yWord=Key%20Message
s%20and%20Q%26A%20Regarding%20Huawei's%205G%20Security&uniStr=null
http://w3.huawei.com/mypacd/#!pacd/document/view/showOnlineBrowser.html?jalorNode=documentManager&codeItem=102&fileId=23625&f ileType=5&selectAttI
• Communication with Government on Cloud Security (slide deck) d=196158&isDoc=1&propertyId=111&attType=other&activeId=&selDisplay=false&isActDoc=false&source=file&keyWord=&clsca=5003,5027, 5055
• Key Messages and Q&A Regarding Huawei's Cloud Security http://w3.huawei.com/mypacd/#!pacd/document/view/showOnlineBrowser.html?jalorNode=documentManager&codeItem=102&fileId=23626&fileType=5&selectAttI
New tech
d=196166&isDoc=1&propertyId=111&attType=other&activeId=&selDisplay=false&isActDoc=false&source=file&keyWord=&clsca=5003,5027, 5055
security
communication http://w3.huawei.com/mypacd/#!pacd/document/view/showOnlineBrowser.html?jalorNode=documentManager&codeItem=102&fileId=23622&f ileType=5&selectAttI
guides • Communication with Government on IoT Security (slide deck) d=196134&isDoc=1&propertyId=111&attType=other&activeId=&selDisplay=false&isActDoc=false&source=file&keyWord=&clsca=5003,5027, 5055
• Key Messages and Q&A Regarding Huawei's IoT Security http://w3.huawei.com/mypacd/#!pacd/document/view/showOnlineBrowser.html?jalorNode=documentManager&codeItem=102&fileId=23623&f ileType=5&selectAttI
d=196142&isDoc=1&propertyId=111&attType=other&activeId=&selDisplay=false&isActDoc=false&source=file&keyWord=&clsca=5003,5027, 5055
• Communication with Government on AI Security (slide deck) http://w3.huawei.com/mypacd/#!pacd/document/view/showOnlineBrowser.html?jalorNode=documentManager&codeItem=102&fileId=23624&f ileType=5&selectAttI
• Key Messages and Q&A Regarding Huawei's AI Security d=196150&isDoc=1&propertyId=111&attType=other&activeId=&selDisplay=false&isActDoc=false&source=file&keyWord=&clsca=5003,5027, 5055
http://w3.huawei.com/mypacd/#!pacd/document/view/showOnlineBrowser.html?jalorNode=documentManager&codeItem=-
100&fileId=23621&fileType=5&selectAttId=196126&isDoc=1&propertyId=111&attType=other&activeId=&selDisplay=false&source=file&ke yWord=%E7%BB%88%E
• Key Messages and Q&A Regarding Huawei Device Security Huawei Confidential 39
7%AB%AF%E5%AE%89%E5%85%A8%E6%94%BF%E5%BA%9C%E6%B2%9F%E9%80%9A%E4%B8%BB%E6%89%93%E8%83%B6%E7%89%87%E5%8F
%8A%E6%B2%9F%E9%80%9A%E5%8F%A3%E5%BE%84&uniStr=null
Confident
Knowledge map
communications Trust building
Videos
• #3 Your key is your ID https://www.youtube.com/watch?v=CpC2nNEeOEU&list=PLCuu5t_nsFKDVjiKZNNh8SXu0ePS18pAd&index=3
http://w3.huawei.com/mypacd/#!pacd/document/view/showOnlineBrowser.html?jalorNode=documentManager&codeItem=102&fileId=23257&f ileType=5&selectAttId=1914
• PACD Cyber Security Package for
Visits Customer Visits
61&isDoc=1&propertyId=111&attType=other&activeId=&selDisplay=false&isActDoc=false&source=file&keyWord=%E6%8E%A5%E5%BE%85%E5%A 5%97%E9%A4%9
0&clsca=5003,5027
Huawei Confidential 40
Confident
Knowledge map
communications Trust building
Huawei Confidential 41
Confident
Knowledge map
communications Trust building
Shares Huawei's perspectives on Explains how Huawei resolves Provides customers with Focuses on supply chain security
cyber security with the industry issues through its end-to-end suggestions on how to manage
and the general public cyber security assurance system and improve cyber security
Huawei Confidential 42
Confident
Knowledge map
communications Trust building
Huawei Confidential 43
Confident
Knowledge map
communications Trust building
Huawei Confidential 44
Contents
Huawei Confidential 45
New technologies and innovative business models present more
challenges to privacy protection
Major implications of big data analytics on data Privacy and data protection build the foundation of Customers will not adopt 5G-enabled services if
protection: trust. Major challenges: adequate privacy protocols are not in place.
Use of algorithms Lack of control and information asymmetry Wide-ranging impact on modern life
Using all data Quality of the user's consent Robust and fit for purpose security
Opacity of processing Inferences derived from data and repurposing of architecture needs to be at the center of 5G
Repurposing data original processing development to ensure privacy and customer
Intrusive bringing out of behavioral patterns and
security.
Data controller or processor?
profiling
Limitations on the possibility to remain anonymous
Huawei Confidential 46
Privacy legislations around the world are modeled after GDPR
Omnibus coverage
Countries that have single or multiple national privacy
or data protection laws that result in comprehensive
coverage. These laws do not exclude the possibility of
additional sector-specific privacy regulations.
Sectoral coverage
Countries that have sectoral privacy or data
protection laws, for example, in the public sector,
financial sector, and telecommunication sector.
None
Countries that do not have privacy or data protection laws
but may have some coverage in their constitution or other
laws.
The legal concepts and basic principles of personal data protection provided
Countries/regions with dedicated privacy protection
in GDPR are widely accepted worldwide. After the EU released GDPR in 2016,
laws: 118
Argentina, New Zealand, Canada, Japan, Brazil, Turkey, and China all referred
Countries/regions with laws which cover privacy
to GDPR when developing or amending their own personal data protection
protection requirements: 28
laws.
Huawei Confidential 47
Basic concepts about privacy protection
Concepts Implications for companies
• The data subject (natural person) is the owner of his or her data. • Each data controller (a company may have more than one data
• The data subject decides (except under special circumstances) controller) must maintain a complete list of personal data that it
who can obtain and access their personal data, and how their stores and/or processes, including legal basis, retention period,
personal data will be used and processed. transfer, etc.
• The data subject is entitled to multiple rights. The data controller • Best practices (not explicitly defined in GDPR) must be adopted to
(company or individual) must respect these rights, such as the protect all personal data.
right to request access or the deletion of their data (i.e. the right • All data controllers must demonstrate the company's highest level of
to be forgotten). effective personal data governance, policies, processes, capabilities,
• The data controller cannot use personal data for purposes without awareness, and oversight.
valid legal basis (valid legal basis includes consent, contract • The data controller must fulfill its legal obligations.
fulfillment, etc.). • The response to data subjects' requests must strictly comply with the
• The data controller is legally obligated to protect data. SLA.
• Cross-border transfers of personal data (or access data from a • Violations or non-compliance in some areas may result in serious
foreign country) may be restricted or have special prerequisites. consequences.
Huawei Confidential 48
Huawei's privacy protection framework: Setting differentiated privacy
protection objectives to meet various privacy expectations
Mainly Mainly
consumer carrier & enterprise Employee
business business
Huawei Confidential 49
Huawei privacy protection Message House
Respecting and protecting privacy to let people embrace a fully
connected, intelligent world
We collaborate openly with stakeholders to protect
Huawei is a responsible and trustworthy global We adopt a Privacy by Design/Default approach to ensure privacy protection
personal data and privacy in the digital world and
provider of ICT infrastructure and smart devices. requirements are embedded into all our business processes and activities. enable the digital transformation process.
• Protecting privacy is part of our social responsibility. • We adopt the Privacy Impact Assessment (PIA) methodology to evaluate and mitigate privacy • Carrier & enterprise customers: Privacy protection
We are committed to protecting customer data. risks in our products and services. is an integral part of Huawei's solutions, helping
We never sell customer data. • We have maintained a comprehensive personal data inventory to record all personal data customers successfully go digital.
• Data is the most important resource in the digital processing activities, legal bases, security and control measures, and cross-border data transfers. • Consumers: Huawei aptly protects all private
world and privacy protection is the foundation of This helps us achieve legal compliance in a transparent and effective way and provide better consumer data stored on Huawei's devices and
the development of digital technologies. Working customer services. cloud. Consumers are made aware of all
with regulators, partners, and customers, we • At Huawei, we have established privacy protection organizations with clearly-defined roles activities that collect personal data, and can
understand what privacy protection is about and and responsibilities. These organizations are managed by our long-standing Global Cyber control the collection, processing, and sharing of
embed it into everything we do. Security & User Privacy Protection Committee which is chaired by Huawei's Rotating Chairman. their personal data.
• Privacy legislation is an effective way to address All business departments have dedicated personnel or organizations for privacy protection. In • Cloud service customers: Huawei strictly complies
public concerns about privacy breaches and addition, we have appointed an EU Data Protection Officer (DPO) who leads a team that with the boundaries of services and never
helps companies better protect personal data. As independently oversees Huawei's privacy activities to ensure they are GDPR compliant. monetizes customer data. Huawei never uses
a leading global ICT infrastructure solutions and • We continue to train and test all our employees on privacy protection. In addition, privacy customers' personal data without explicit consent.
smart devices provider, Huawei fully complies with all protection requirements are included in the company's Employees Business Conduct Guidelines • Industry partners, governments, and regulators:
applicable laws and regulations. (BCGs) to ensure all employees correctly understand and abide by privacy protection rules and Privacy protection requires joint efforts across
• Huawei remains open, and our approaches and requirements. the industry and is an ongoing process. Huawei
practices for end-to-end privacy protection are • Huawei adopts a comprehensive approach to supplier privacy protection management, is committed to working with industry stakeholders
transparent to regulators, customers, and which ensures that data processing agreements (DPAs) are signed, privacy protection and partners to understand and address privacy
consumers. responsibilities are clearly defined, and privacy protection requirements are strictly enforced. challenges in the digital world. We aim to do our part
Based on a risk-informed model, we conduct audits on suppliers to ensure their compliance. to deliver a better connected world.
• By referring to best practices, we protect personal data and have strict control over cross-
border personal data transfers. In cases where cross-border data transfers happen, we ensure
that data receiving countries can provide the adequate protection level required by GDPR. In
addition, we make sure that necessary processes and resources for privacy protection are in place
so that we can meet any reasonable request from regulators or data subjects.
Huawei Confidential 50
Privacy protection course on iLearning
GDPR Introduction
• Course objectives:
Understand the basic roles and data processing principles under GDPR and the major
changes in the legislation
• http://ilearning.huawei.com/next/learnCourse.html?courseId=23997#/video/110195
Huawei Confidential 51
Thank you. 把数字世界带入每个人、每个家庭、
每个组织,构建万物互联的智能世界。
Bring digital to every person, home and
organization for a fully connected,
intelligent world.