Network and Information Security/Data and Privacy Protection Compliance

The EU General Data Protection Regulation (GDPR) came into effect on May 25, 2018. The regulation affects the way GDPR-applicable enterprises handle the personal data of their customers and employees. According to GDPR, enterprises that set up institutions in the EU or provide products or services to the EU shall comply with GDPR when processing personal data of EU data subjects. Violations of the GDPR can result in a fine up to 4% of the enterprise's annual turnover. 

While developing rapidly, LONGi attaches great importance to information security and privacy protection. On the basis of complying with applicable national and regional laws and regulations and international standards, and referring to the requirements of regulatory authorities and customers and industry best practices, LONGi has not only established and improved effective, sustainable and reliable information security and privacy protection management system, but also actively strengthened cooperation with relevant governments, customers and industry partners to rise to challenges in information security and privacy protection together. 

● In terms of organizational structure construction, LONGi has established a global information security and user privacy protection management organization to be responsible for making decisions and approving its overall information security and privacy protection strategy, formulating information security and privacy protection strategies, and managing and supervising the effective implementation of information security and privacy protection in all systems, regions and processes. 

● In terms of system and process specifications, LONGi has not only actively benchmarked industry best practices in the information security and privacy protection, but also systematically established and continuously updated management specifications such as the Information Security Management System and the Confidentiality Management System in combination with international standards for information security and privacy protection, and effectively embedded information security and privacy protection requirements and measures into business processes to continuously promote optimization in combination with business development. 

● In terms of personnel ability awareness training, LONGi has regularly carried out various forms of training and publicity on information security and privacy protection for all employees to strengthen their awareness of information security and privacy protection, and improve their information security and privacy protection ability. 

● In terms of the application of technical tools, LONGi has actively adopted the best and applicable information security and data protection technologies and promoted the implementation of compliance requirements through information system transformation and professional tool embedding to effectively ensure the data security of customers, suppliers, partners, employees and other related entities.