Xiaomi Strengthens Data Protection with Independent Audit of Compliance

Feb 3, 2022

Xiaomi, a consumer electronics and smart manufacturing company with smartphones and smart hardware connected by an IoT platform at its core, has today announced the findings of an independent review into its data protection compliance.

Xiaomi appointed TRUSTe LLC, a subsidiary of TrustArc, to conduct an independent audit of its data protection and security management. The review comprehensively evaluated whether the processing of personal information conducted by Xiaomi is performed in compliance with the General Data Protection Regulation (GDPR) of the European Union (EU). The TRUSTe review summary states: “The measures described in the GDPR Validation Assessment were suitably designed to provide reasonable assurance” that all 40 GDPR Validation Requirements would be met.

As the first-ever Chinese enterprise to receive certification from TRUSTe, Xiaomi continues to submit to outside scrutiny when it comes to data protection and user privacy, having adopted the EU's GDPR compliance assessment in 2018.

The Validation Requirements focus on program-level measures in eight areas: Integrated Governance, Risk Management, Resource Allocation, Policies and Standards, Processes, Awareness and Training, Monitoring and Assurance, and Reporting and Certification. A member of the Global Privacy Solutions team from TRUSTe validated that Xiaomi has met the applicable Validation Requirements.

Cui Baoqiu, Xiaomi Vice President and Chairman of the Xiaomi Security and Privacy Committee, said the GDPR Validation Assessment is an important step in continuously enhancing the company’s data and security compliance. Xiaomi strives to uphold the highest standards of user privacy policies and practices, particularly for its users in the EU, he added.

Cui Baoqiu stated: “We regularly engage with TRUSTe, as well as other credible institutions globally to warrant that Xiaomi’s user privacy protection, including GDPR compliance, keeps improving and perfecting its practices to offer our users reliable and trustworthy products and services. I’m very pleased to see that Xiaomi has completed TRUSTe’s annual audit of GDPR privacy compliance, which demonstrates our commitment to privacy protection.”

TrustArc, which is based in the U.S., is a leading global privacy compliance and risk management company with decades of deep expertise and leadership in building and maturing comprehensive privacy programs and enabling continuous compliance, information governance, and data security.

User security and privacy is Xiaomi’s top priority. In 2014, Xiaomi established its Security and Privacy Committee. In 2016, Xiaomi became the first Chinese enterprise to receive certification from TrustArc. Xiaomi adopted the EU's GDPR compliance assessment in 2018, and continues to submit to outside scrutiny when it comes to data protection and user privacy. In 2019, Xiaomi's security and privacy practices were certified to ISO/IEC 27001 and ISO/IEC 27018. The company also published the first version of the MIUI security and privacy white paper.

By Tudor