GDPR (General Data Protection Regulation)

This webpage will improve the quality of the webpage through the use of data collected by cookies, allowing you to provide you with a more personalized experience when using the webpage. If you close this window and continue to browse this website without changing the cookie settings, you are accepting our use of cookies to collect data. Click here to learn more about our privacy policy.

The key changes and additional requirements introduced by GDPR are:

1. European data protection laws will now apply globally. Organizations established in the European Union and those located outside the European Union but dealing with personal data within the European Union or monitoring individuals within the European Union must now comply with European data protection laws.

2. Tighter sanctions for non-compliance with regulations. The maximum fine for violating the regulations will increase significantly to 4% of the company ’s global turnover, or 20 million euros per infringement, whichever is higher.

3. Newly established information disclosure obligation. The agency must now notify the relevant European data protection agency of the breach within 72 hours without undue delay and where feasible. In cases where the individual concerned is at high risk, the affected individual must also be notified without delay.

4. New requirements for privacy data governance, data arrangement and impact assessment. The agency now needs to appoint a data protection officer ("DPO") to implement and monitor GDPR compliance. Organizations are now required to plan their personal data processing procedures and conduct privacy impact assessments of higher-risk processing.

5. Require the implementation of "designed privacy protection". Enterprises must now take a proactive approach to ensure that when processing personal data, their appropriate data protection standards are at preset levels.

6. Strengthen the rights of individuals to their personal data. Individuals have the right to delete their personal data from the system or online content ("right to be forgotten"), the right to avoid automatic data analysis (which will have legal effect), and those who are given or designated recipients to receive their personal data The right to have access to a copy ("right to transfer material").

7. Strengthen the requirements of the supply chain. Enterprises must ensure that third-party data processors implement GDPR-compliant security measures. These service providers will be responsible for their appropriate level of security, must record their handling cases and must obtain prior consent to use the sub-processor. Institutions may need to modify contracts with these parties to resolve these issues.


(GDPR) Hong Kong version translated into "General Data Protection Regulation"

Data Protection

Data Rectification

Data Report

Data Portability

Account Termination

Further reading
Hong Kong version translated into "General Data Protection Ordinance" General Data Protection Regulation

Chapter 486-Personal Data (Privacy) Ordinance

Installation and Setup Hong Kong version of the "General Data Protection Ordinance"