The General Data Protection Regulation (GDPR) is an integrated legal framework that focuses on protecting the basic privacy and personal data of EU data subjects. It imposes stringent regulations to improve data protection, security, and compliance standards.
As the most important legislative change in the privacy and data protection field in the past 20 years, the GDPR ushers in a new order of personal data protection in the Big Data era. It grants new rights to individuals and puts forward a high-grade system of enterprise responsibility.
The GDPR will come into effect on May 25, 2018.
As a global IoT platform and a world-leading voice AI interaction platform, Tuya Smart will integrate the intelligence-related demands of customers, brand manufacturers, OEMs, factories and retail chain stores and provide one-stop AI IoT solutions. Tuya Smart will use industry standards and best practices to protect personal data and to ensure that Tuya's privacy practices comply with laws and regulations. Tuya will monitor policies in all countries and follow up on any changes promptly to provide our customers and partners with more secure and reliable services.
So far, Tuya has passed GDPR compliance verification. To meet the requirements of the GDPR, Tuya has made improvements in the following areas:
Privacy in design
During product design, we consider how to limit data collection to only what is necessary for our products, to ensure that we do not excessively collect and process users' personal information. In addition, technical personnel take proper measures to secure our users' personal data during the development and implementation of the system, such as encrypted storage of sensitive data and strict access permissions. The measures above have been strictly implemented in the design and development process of our products. Each product has undergone rigorous review before publishing.
Support for User Rights
We place a premium on users' individual rights to ensure that users can access the data we collect and can modify it as appropriate. When users no longer need our service, they can delete their personal data through the App.
Tuya's data security system is built around the data lifecycle, comprehensively and systematically, through both management and technical means. Every stage of the data lifecycle (data production, storage, use, transmission, dissemination and elimination) is under data security management and control to achieve the objective of data security. Please refer to the Tuya Smart White Paper for details.
Only part of our work is listed here; we do more than that.
Moreover, Tuya has agreed on a cooperation plan with TrustArc. TrustArc will provide Tuya with a set of verified tools and solutions to implement the GDPR compliance plan. TrustArc's third-party assessment report is expected to be provided in the near future.
Note: For more information about TrustArc, see its official website https://www.trustarc.com. TrustArc has more than 20 years' experience in privacy compliance and risk management, and provides enterprises in the U.S.A., Europe and Asia with comprehensive assessment and certification of privacy policies and control actions. TrustArc has helped some world-class enterprises by providing data privacy and platform security audits, including Xiaomi, Aliyun, AWS, IBM, Apple, Cisco, Oracle and VMware. TrustArc will also support Tuya's compliance with the EU GDPR and with requirements on personal information collection in the U.S.A. and other regions.