Data Hong Kong (HKPCA) recently published an article that explores some of the key issues surrounding data HK, making it one of the essential tasks of any organisation that deals with personal information. Data HK enables individuals to verify whether the information they have is accurate before making informed decisions based on it. Thus it remains an indispensable asset in keeping business running smoothly.
An essential question when conducting operations in Hong Kong or outside Hong Kong is whether they fall under the Personal Data Protection Ordinance (PDPO). Under this act, someone who controls the collection, storage, processing or use of personal data in either location (Hong Kong or abroad) would fall within its scope. ‘Use’ refers to any disclosure or transfer to third parties of personal data by this data user.
If a person in Hong Kong or from outside Hong Kong transfers personal data to another party, they must first obtain the voluntary and explicit permission of the data subject to do so. Furthermore, personal data should only be released for new purposes when its original use remains relevant.
An additional challenge lies in assuring that protection offered in foreign jurisdictions matches or surpasses that offered in Hong Kong, and this can be accomplished using both technical measures and contractual provisions. These may include encryption, anonymisation or pseudonymisation techniques and split or multi-party processing; contractual measures might include compliance support agreements and cooperation obligations.
At last, it is essential that any personal data being transferred is protected to an equal standard in both jurisdictions. This can be accomplished by requiring data exporters to implement appropriate safeguards; these could include technical measures or contractual provisions related to auditing, inspecting and reporting (AISR). Likewise, beach notifications should also be considered appropriate measures.
Possible changes to the PDPO include widening its definition of personal data to encompass any and all information about identifiable individuals, which would bring it in line with other legislative regimes such as China’s Personal Information Protection Law or Europe’s General Data Protection Regulation (GDPR).
Data protection has become a top priority, making it vital for businesses to put into place appropriate processes and systems to fulfill their data protection obligations. Otherwise, businesses could face significant fines for violating the PDPO or other data protection laws; with help and advice available online businesses can overcome this hurdle easily; by following this article’s tips they can ensure their processes and systems are as safe as possible, protecting customers while simultaneously competing effectively within global marketplace.