TINNO products meet the requirements of the GDPR

 


About the GDPR

The General Data Protection Regulation (GDPR) was put into effect on May 25, 2018. The GDPR is new legislation implemented by the EU for privacy protection. The GDPR, which first proposed that users have the "right to be forgotten", clearly stipulates that data subjects have the right to require data controllers to delete personal data related to them and prevent their data from being disseminated. To protect personal privacy to the greatest extent, the GDPR strictly limits the conditions under which companies and governments may use personal information and data. The regulation itself is large and far-reaching, and it is the most important change in data privacy protection in decades. The GDPR will levy harsh fines against those who violate its privacy and security standards. There are two tiers of penalties, €10 million to €20 million or 2% to 4% of global revenue (whichever is higher).

 

Scope of the GDPR

The GDPR applies to companies operating globally, not only to companies within the EU. If a company processes the personal data of EU citizens or residents, or offers goods or services to such people, then the GDPR applies to that company even if it is not in the EU.

 

Core Concepts of the GDPR

The GDPR governs the processing of personal data of individuals in the EU by companies. The processing of personal data is the major activity that gives rise to obligations under the GDPR. Personal data is a very broad concept that refers to any information relating to identified or identifiable individuals.

Data subjects have a wide range of rights, including the rights to access, object, rectify, delete and restrict, the right to data portability, and so on. The processing of personal data generally requires the explicit consent of the data subject, and that consent must be freely given, specific, explicit and informed.

 

 

TINNO is ready for the GDPR, and its products and services can meet the GDPR compliance requirements.

TINNO strictly complies with the GDPR and has established a special team responsible for compliance, making user data security and privacy the top priority. In 2017, TINNO's overseas subsidiary WiKO hired professional technical consultants who continuously checked the completeness of the activities throughout the product chain, from development and design to production and sales, and conducted a special GDPR audit every year according to EU standards.

 

 

The specific measures are as follows:

 

Product system

Putting privacy protection into the product R&D management system;

Meeting the relevant requirements of data security and privacy protection from the source code of the product system;

Closing or removing all related functions and data from the shipped software.

 

Application side

Web application firewall; all web requests must be made over SSL and must be authorized via an application session or secret token; applications must declare as few permissions as possible; release mode removes all test, debug and source code information, data and files, etc.; application/user data must not be stored on the SD card; encrypted SQLite database, etc.

 

Service-Terminal

Communicate securely with TLS-enabled devices, update systems in real time, delete outdated data, prohibit unnecessary services (such as viewing running services at startup), build firewalls, check and encrypt server data in real time, etc.

 

In addition, regarding "publicity of the content of the data collection" and "the exercise of users' rights", TINNO is constantly trying new things and implementing them.

 

