What is the GDPR? When do I need to make my company’s privacy policies compliant with the GDPR?

The GDPR grew to prominence around the world after it came into force in 2018. But what exactly is it, and do companies in Hong Kong necessarily need to comply with it?

What is the GDPR?

GDPR stands for the “General Data Protection Regulation”. It is a European Union regulation governing data protection and privacy within the European Union and the European Economic Area, and it also governs the transfer of personal data outside these areas. The primary objective of the GDPR is to give individuals control over their own personal data and to simplify the regulatory environment for international businesses by unifying the European Union’s data protection rules.

When do I need to make my company’s privacy policies compliant with the GDPR?

You must comply with the GDPR if your company collects or processes the personal data of European Union users, even if your company is based in Hong Kong. In outline, the regulation grants website visitors from the EU enhanced rights to detailed information about the reason(s) for processing their data, how you will use it, and how long you will store it.

The Privacy Commissioner for Personal Data of Hong Kong has issued a comprehensive booklet on the GDPR and its relevance for Hong Kong organisations and businesses, An Update on European Union General Data Protection Regulation 2016 (see the bibliography below). If you do not comply with the GDPR, you may be fined up to €20 million or four per cent of your company’s annual revenues, whichever is higher.

A template for a GDPR-compliant privacy policy document can be downloaded here.

Bibliography:

  1. Office of the Privacy Commissioner for Personal Data, ‘EU General Data Protection Regulation (GDPR)’: https://www.pcpd.org.hk/english/data_privacy_law/eu/eu.html