In this privacyespresso episode Padraig Walsh from the law firm Tanner De Witt, Hong Kong exclusive law firm of the PrivacyRules alliance, provides us with a brief update on the changes in Hong Kong’s privacy legislation horizon.
The changes regard the following topics,
- Introduction of a regulation for data processors
- Mandatory requirements for businesses to have a data retention policy
- Administrative fines for the PDPC
- A mandatory data breach reporting obligation
According to Pàdraig, the most interesting seems to be the data breach and the retention policies requirements as they can determine a cascade of relevant changes within the country framework and a relevant reaction in terms of business compliance efforts. Also, this would help the Country and the businesses to catch up with the international data protection laws standards in particular if considered with the implementation of the new turnover-based fines!
Our discussion then continues debating on how these propositions were actually proposed back in 2020 and really awaited by privacy experts in order to have an updated regime. In this regard, Pádraig notices that a key driving reason for this change to happen now may be very well related to the Hong Kong need to comply with the high-level Chinese law requirements for data transfers.
To conclude, Pádraig also shares some insights on data transfers as the topic where he would expect/look for further developments in the near future. This is because such a change would support Hong Kong to achieve the ever-higher standards required by other data protection laws.
Watch this privacyespresso to know more