[Singapore, July 16, 2019] The IAPP Asia Privacy Forum 2019, centering on privacy protection, trust, and digital innovation, was hosted by the International Association of Privacy Professionals (IAPP) in Singapore on July 15 and 16, 2019. In attendance were officials from data protection regulators in countries and regions such as Singapore, Hong Kong, the Philippines, India, and Japan, as well as privacy protection opinion leaders, experts, and scholars from around the world.
Since the General Data Protection Regulation (GDPR) took effect over one year ago, EU data protection regulators have received more than 200,000 cases related to personal data breaches and complaints from data subjects. Recently, the Information Commissioner's Office (ICO), the UK's data protection regulator, planned to impose fines of £183 million and £99 million on an airline company and a hotel group, respectively, drawing wide attention once again to privacy protection. Kevin Wang (privacy protection owner, Huawei GSPO Office), Fabrice Naftalski (Global Head of Data Protection, EY), Dr. Zhong Lin (partner, EY Chen & Co), and Shawn Li (DPO, L'Oréal China) delivered a speech entitled "When the GDPR Meets Chinese Data Protection Compliance: Privacy Protection Governance Framework and Practices", which focused on compliance strategies and solutions for personal data protection in different judicial systems.
Left to right: Fabrice Naftalski, Kevin Wang, Shawn Li, Dr. Zhong Lin
Kevin Wang, Fabrice Naftalski, Dr. Zhong Lin, and Shawn Li demonstrated the similarities and differences between the EU's and China's privacy protection laws and regulations, analyzed the challenges faced by multinational enterprises in complying with personal data protection laws, and provided feasible solutions and suggestions for personal data protection compliance based on enterprises' privacy protection governance experience.
Kevin Wang said that Huawei's privacy protection compliance framework sets differentiated privacy protection objectives based on Huawei's characteristics in different business domains, thereby meeting the privacy expectations of consumers, customers, and internal employees. Huawei's privacy protection practices cover the management and operation mechanism of personal data throughout its lifecycle. These practices integrate the Privacy by Design and Privacy by Default concepts into business processes and ensure transparency in the collection and use of personal data in business activities.
He emphasized that Huawei, as an international company, has developed a set of globally applicable personal data protection principles based on the GDPR and Generally Accepted Privacy Principles (GAPP) in the privacy protection field and has localized these principles. To effectively evaluate and mitigate personal data protection risks, Huawei implements privacy impact assessment (PIA) for systematic control in terms of privacy notification, choice and consent, data collection, data use and retention, data security protection, disclosure to third parties, cross-border data transfer, and response to data subject rights.
In addition, Kevin Wang expressed his belief that privacy compliance is not just a matter of the Legal Affairs Dept. Huawei ensures that privacy protection activities can be effectively implemented and supervised through the top-down organizational governance structure. Huawei actively responds to privacy law changes, consumer expectations, and customer requirements. Huawei's privacy protection organization continuously interprets and breaks down privacy protection requirements into business control requirements, and implements and optimizes these requirements in the existing business process system.
How international companies establish and implement an efficient privacy protection compliance governance framework was the focus of attention at the forum, during which many participants held extensive and in-depth discussions with Kevin Wang, Fabrice Naftalski, Dr. Zhong Lin, and Shawn Li.