EU General Data Protection Regulation
EU General Data Protection Regulation (GDPR)
European Union (EU) - General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (GDPR), adopted in 2016, came into force on 25 May 2018. The GDPR involves new provisions and enhanced rights. In the wake of technological developments and globalisation and the constitutionalisation of the fundamental right to data protection in the EU, the GDPR aims to harmonise the framework for the digital single market, put individuals in control of their data and formulate a modern data protection governance.
Why is the GDPR relevant to Hong Kong organisations/ businesses?
In Hong Kong, the Personal Data (Privacy) Ordinance, Laws of Hong Kong (Cap 486) (PDPO) protects the privacy of individuals in relation to personal data. When the PDPO was drafted, reference was made to the relevant requirements under the OECD Privacy Guidelines 1980 and the EU Directive. In consequence, the PDPO and the GDPR share a number of common features. Given that the GDPR constitutes significant developments, if not changes, of data protection law from the EU Directive, the new regulatory framework includes a number of requirements that are not found under the PDPO.
One of the key developments introduced under the GDPR to the data protection landscape outside the EU is the explicit requirement of compliance by organisations established in non-EU jurisdictions in specified circumstances. Given the diversified business or transaction models (e.g. online transactions), it is all the more important for businesses in Hong Kong to ascertain if the GDPR is applicable to them, and to keep up with the new developments.
Publication on the GDPR
To raise the awareness amongst organisations / businesses in Hong Kong of the possible impact of the new regulatory framework for data protection in the GDPR, the PCPD has issued the following publication:
 |
Booklet: European Union General Data Protection Regulation 2016 (Effective 25 May 2018) |
Activities on the GDPR
As the regulator on protection of personal data privacy in Hong Kong, the PCPD will continue to proactively assist local data users in understanding and complying with data protection regimes overseas. The PCPD has been organising educational activities since late 2017 to help organisations / businesses understand the GDPR’s standards and the possible impact on their operations.
>>> Click here for more information about the GDPR activities
Update
- European Data Protection Board (EDPB) Guidelines on certifications under the GDPR (draft) New!
- EDPB Guidelines on derogations under the GDPR in the context of international data transfers New!
More Information on the GDPR
- Hong Kong Lawyer (June 2018 issue) - EU GDPR and HK PDPO: What's the Difference? New!
- PCPD's Media Statement (3 April 2018) - How Hong Kong Businesses Should Prepare for the EU General Data Protection
-
Organisations / businesses may browse the website of the European Commission on protection of personal data for details and the related guidance materials:
http://ec.europa.eu/justice/data-protection/index_en.htm