'Most Innovative Startup 2020' by RSA - Watch the videoLearn More
In Hong Kong, the Personal Data (Privacy) Ordinance (Cap. 486) (the "PDPO") regulates the collection, holding, processing, disclosure, and usage of personal data. The PDPO was enacted in 1995 and took effect from December 1996, but significant amendments were brought into it in 2012. The Data Protection Principles ( the “DPPs or DPP”), contained in Schedule 1 to the PDPO outline how entities should collect, handle, disclose, and use personal data. The Office of the Privacy Commissioner for Personal Data (the “PCPD”) is the regulatory authority that enforces the PDPO in Hong Kong and also issues several guidelines for the organizations to effectively comply with the PDPO.
The following are the major definations of key terms:
The PDPO prescribes the following rights for the data subjects;
The PDPO applies to private and public sector organizations that process, use, hold, or collect personal data. It covers any organization that deals with the collection and processing of personal data irrespective of the location of processing provided that the personal data is controlled by the data user based in Hong Kong.
The PDPO provides the following exemptions for the processing of personal data in Part VIII;
The PDPO does not directly regulate data processors; therefore, they do not directly come under the application scope of the PDPO. However, data users are required to, by contractual or other means, ensure that their data processors meet the applicable requirements of the PDPO.
Under the PDPO, noncompliance with DPPs is not considered an offense; however, contravention of specific provisions of the PDPO is an offense that can result in hefty fines and imprisonment.
The PCPD has issued a table detailing the penalties for each contravention of the PDPO. This table can be found here.
SECURITI.ai’s award-winning compliance solution revolves around the concept of PrivacyOps, which calls for utilizing robotic automation, artificial intelligence, and machine learning. This system provides enterprises with a system that automates the majority of compliance tasks, freeing up crucial resources for other areas of business.
SECURITI.ai helps businesses discover data over a web of internal and external systems, links personal data with each individual, conducts an automated internal assessment of policies as well as third-party vendors, manages consent, and does a lot more!
While businesses may hesitate to take the leap towards automation from their current manual methods for fear of the costs and change in infrastructure, it is clear that automation is truly the way forward. Automation increases ROI as well as productivity lowers cost and improves accuracy. It pays for itself and brings organizations several benefits along with it.
Automation helps you with swift and efficient compliance with the PDPO as well as other data privacy regulations. Watch it in action today!