Personal Data (Privacy Ordinance)

Hong Kong’s Personal Data (Privacy) Ordinance (PDPO) is the primary law governing data protection in Hong Kong, outlining the rights and obligations related to the collection, use, and transfer of personal data. The Personal Data (Privacy) Ordinance is managed by the Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong. Further reading The Personal Data (Privacy) Ordinance

1 min

Personal Information Protection Law (PIPL)

The Personal Information Protection Law (PIPL) is a data privacy law that governs the collection, use, and transfer of personal information within China. It was passed by the National People’s Congress and came into effect on November 1, 2021. Further reading Mainland’s Personal Information Protection Law (PCPD) Related pages Personal Data Privacy Ordinance

1 min

Schrems II

Further reading Schrems II a summary – all you need to know The CJEU judgment in the Schrems II case (European Parliament) (PDF) What is Schrems II and how does it affect your data protection in 2021? (Thales) Related pages US CLOUD Act

1 min

Transfer Impact Assessment (TIA)

Introduced after Schremms II decision. Further reading Transfer Impact Assessment

1 min

Understanding the Data Controller's Role under GDPR

The EU and UK General Data Protection Regulation (GDPR) defines the role of the Data Controller, making them responsible for compliance and risk management under data protection laws. Understanding the data controller concept is essential to understand organisational obligations and to manage data protection legal risk. Defining the Data Controller A Data Controller is an entity (natural or legal person, public authority, agency, or other body) that determines the purposes and means of processing personal data. Simply put, they decide why and how personal data is used. ...

3 min