Data Hk – What You Must Know Before Getting Started With Data Hk
Data hk involves collecting, mining and pooling of information for use within companies as an effective way of increasing customer service and providing insight. Furthermore, these processes also assist in analyzing and managing the business as a whole. However, before embarking on this procedure it is essential that one consider the advantages and disadvantages.
First and foremost, it is crucial to identify the data being transferred, taking a close look at its purpose and whether any obligations under PDPO apply. Secondarily, it must be established whether this data qualifies as personal under PDPO by reviewing which criteria it needs to fulfill before being classified as such (such as whether it relates to identifiable people).
Hong Kong has not updated the definition of personal data since 1996 when the Personal Data Protection Ordinance (PDPO) first came into force, unlike other legal regimes which have revised this concept by including elements such as name, identification number and location data within their definition of “personal data.” Moving closer towards GDPR-inspired standards could provide greater protection for individuals as well as increase compliance measures necessary for companies that utilize data.
Thirdly, it is essential that data transfer occurs for permitted purposes and that any new processing will fall under the original consent given by data subjects. This is particularly critical where processing personal data that was originally gathered for another reason (for instance marketing purposes) requires new consent from data subjects; otherwise the data user must seek express and voluntary permission from these subjects prior to continuing with any new purpose processing activities.
Fourthly, it is critical to assess the level of protection in the country where data will be transferred. This may involve reviewing local laws and practices as well as remedies available for breaches of personal data as well as protections available to data subjects. If inadequate levels of protection exist then data exporters must take measures to meet their obligations under PDPO by placing additional contractual provisions into their agreements.
Finally, when transferring personal data outside Hong Kong it is critical that controllers and processors understand their roles when doing so. Although the PDPO does not contain explicit provisions conferring extraterritorial application it is generally accepted that data users are accountable for the actions and omissions of their agents and contractors – meaning any Hong Kong data user must put contractual arrangements or other arrangements into place with processors they engage to protect personal data from unauthorised access, disclosure, loss, alteration or misuse.