Data protection is essential to any business, and businesses must know what they can do to safeguard both their own data as well as those who could be negatively impacted by that data. A data hk is a set of guidelines which dictate when and how long data should be stored; they also specify who can access that data hk, making databases and spreadsheets invaluable tools for uncovering consumer trends and patterns.
Hong Kong is widely acknowledged to be a global leader in data protection, boasting an industry-leading regulatory environment and multilingual workforce that make the city attractive as a location for regional data centres. However, interpretation of key data privacy concepts may differ between jurisdictions; Padraig Walsh of Tanner De Witt’s Data Privacy Practice Group provides some key considerations when moving personal data either out or into Hong Kong.
Hong Kong Government is reviewing and proposing amendments to the Personal Data (Privacy) Ordinance (“PDPO”). One proposal requires businesses to establish a data retention policy outlining how long personal information collected will be kept for.
This requirement would go beyond existing obligations on data users to keep data within Hong Kong or countries with which PDPO has an agreement, however there may be situations in which Hong Kong data users must conduct transfer impact analyses under foreign jurisdictional laws – particularly those that have adopted an “adequacy” regime.
Transfer impact assessments (TIAs) are conducted to evaluate the level of data protection in another jurisdiction. Although not mandatory under PDPO, transfer impact analyses have become an increasingly common part of business practice in Hong Kong – especially when they export personal data overseas or import it into Hong Kong from other jurisdictions.
Data importers must ensure that information they are importing meets with local laws in which it will be processed, or risk being found liable for violating the Personal Data Protection Ordinance (PDPO). Even if their original transferee entity was found not responsible, legal action could still take place against both. To reduce risks when transferring to Hong Kong and assess risks involved with data transfers to EU, businesses are strongly recommended to employ legal advisors familiar with both jurisdictions involved when making these transfers.