The European Union (“EU”) General Data Protection Regulation 2016 (“GDPR”) entered into effect on 25 May 2018. A brief summary of the GDPR can be found in our Legal Update.
Organisations in Hong Kong may need to comply with the GDPR if it (1) has an establishment in the EU, where personal data is processed in the context of the activities of the establishment, regardless of whether the data is actually processed in the EU, or (2) does not have an establishment in the EU, but offers goods or services to or monitor the behaviour of individuals in the EU.
As some requirements in the GDPR are not found in Hong Kong’s existing Personal Data (Privacy) Ordinance (Cap. 486), the Privacy Commissioner for Personal Data issued a booklet (the “Booklet”) to outline the possible impact of the new regulatory framework on organisations or businesses in Hong Kong.
A number of features of the GDPR are highlighted in the Booklet, including the following:
- Extra-territorial application
- Personal data covered
- New data privacy governance, data mapping and impact assessment
- Sensitive personal data
- Consent
- Mandatory breach notification
- Data processors’ obligations
- New and enhanced rights for individuals
- Data rotection seals, codes of conduct and cross-jurisdiction data transfer
- Sanctions
The press release of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) and the Booklet can be downloaded from the PCPD-website.
This article was originally published on AllAboutIP – Mayer Brown’s blog on relevant developments in the fields of intellectual property and unfair competition law. For intellectual property-themed videos, Mayer Brown has launched a dedicated channel.