More and more often we hear about privacy issues when Xiaomi is at stake. Notably, since former US President Donald Trump has insisted on including the company in the Black List of militarized Chinese companies, Lei Jun's colossus has started a long way to the gallows. Fortunately, however, we have been able to see that the tycoon's claims are completely false and that, above all, nothing changes for users. But in terms of data protection, how safe is Xiaomi? He answers us TRUSTe, underlining that the brand is the first Chinese company in the world to receive its certification.
A question that many are asking: Does Xiaomi respect the General Data Protection Regulation or GPDR? TRUSTe officially responds
Xiaomi has commissioned TRUSTe LLC, a TrustArc subsidiary, to conduct an independent audit on data protection and security management. For the less accustomed to the subject: audit it means verifying the correctness of a company's financial statements and procedures. This verification has comprehensively assessed whether the processing of personal information conducted by Xiaomi is carried out in accordance with the General data protection regulation (GDPR) of the European Union (EU). The summary of the TRUSTe review states: "The measures described in the GDPR Validation Assessment have been adequately designed to provide a reasonable assurance". Furthermore, the supervisor explains that all 40 validation requirements of the GDPR would have been met.
Being the first Chinese enterprise ever to receive certification from TRUSTe, Xiaomi continues to undergo external scrutiny when it comes to data protection and user privacy, adopting the EU compliance assessment GDPR since 2018. Validation requirements focus on eight areas: integrated governance, risk management, resource allocation, policies and standards, processes, awareness raising and training, monitoring and assurance, reporting and certification. TRUSTe confirmed that Xiaomi has met the applicable validation requirements.
The TRUSTe certification is a privacy and governance framework data created by TrustArc, a certification organization specializing in privacy protection.
Cui Baoqiu, vice president of Xiaomi and chairman of the company's security and privacy committee, said the GDPR validation assessment is a important step to continuously improve data compliance and security of the company. Xiaomi is committed to upholding the highest standards of user privacy policies and practices, particularly for its users in the EU. He then added:
We regularly engage with TRUSTe, as well as other credible institutions globally, to ensure that Xiaomi's user privacy protection including GDPR compliance continues to improve and refine its practices to provide our users with reliable products and services. I am very pleased to see that Xiaomi has completed TRUSTe's annual GDPR privacy compliance audit, demonstrating our commitment to privacy protection
It should be remembered that in 2014 Xiaomi established its own Security and Privacy Committee. In 2016, Xiaomi became the first Chinese company to receive TrustArc certification. In 2019, however, the security and privacy practices of Xiaomi have been certified ISO / IEC 27001 and ISO / IEC 27018. To be fair, it must be remembered that ISO / IEC 27001 has become the most authoritative, rigorous and most widely accepted information security management standard in the world. The certification attests that Xiaomi has met the requirements of international standards and has fulfilled its commitment to users, which places the brand in a leadership position in the area of information security management.
