Data hk is a new portal created by the Hong Kong Privacy Commissioner for Personal Data (PCPD) to raise awareness and facilitate compliance with the Personal Data (Privacy) Ordinance (PDPO). It contains key concepts, requirements and obligations from PDPO; in addition to helpful links to relevant guidance provided by PCPD.

The portal serves as an invaluable resource for businesses and individuals handling personal data. However, it should not replace existing guidance nor serve as an alternative to PCPD’s own comprehensive and authoritative guidance on the PDPO and its requirements; which can be found free of charge in both English and Chinese versions of its application.

Data is increasingly being utilized for many different uses and purposes, from processing, combining and analysing it for product creation and services to using it to inform public policy and governance decisions.

Data gathering, storage, protection and sharing presents many risks and challenges for organizations and individuals. Use of data can result in loss of privacy or misuse of confidential information that compromises trust between organisations and individuals; there can also be issues regarding its quality and availability – this may involve format restrictions, licence issues or not being usable for specific applications or uses.

Understanding and interpreting data presents another significant hurdle, due to its complexity, various formats used for storage or difficulties encountered when comparing different data sets from different sources. Furthermore, concerns have been expressed over protecting and safeguarding such information when stored locally or transferred overseas.

Companies need to ensure that they meet their PDPO obligations when making cross-border transfers from Hong Kong. The PCPD has provided detailed guidance in this area, including recommended model clauses to include in data transfer contracts – whether as separate agreements, schedules to main commercial agreements, or contractual provisions within these main commercial agreements themselves.

One of the chief differences between the PDPO and other legislative regimes is its definition of personal data. Under its provisions, “personal data” refers to information related to an identifiable natural person that includes not only names and identification numbers but other factors that can uniquely identify an individual. This definition aligns with international norms as well as that set forth by mainland China’s Personal Information Protection Law as well as Europe’s GDPR regulation.

One key distinction is that Hong Kong’s PDPO does not cover anyone without operations governing the collection, holding, processing or use of personal data in or from Hong Kong – this being one aspect of its “one country, two systems” principles governing its governance.