MarketResearch.net is a library database that aggregates market research, trends, forecasts and statistics about industries, economies and consumers worldwide. With articles, podcasts and datagraphics covering each topic or industry or region available free to searchers – or to subscriber and gain access to more in-depth reports available only with subscription.

Modernising data protection laws in Hong Kong is being considered, yet until this happens businesses should remain mindful of any cross-border transfers which raise issues under existing laws. Particularly given that personal data falls within the definition of personal data under the Personal Data Protection Ordinance (PDPO), companies who collect information which could identify an individual may have a legal requirement to record a Personal Information Collection System Report (PICR), as well as fulfilling various other responsibilities under its six core Data Protection Principles (DPPs).

As mentioned above, even without any statutory requirement to record a DPIA, simply transferring personal data overseas could violate the PDPO. This is because, once personal data has left Hong Kong territory and become subject to foreign jurisdiction’s laws and may therefore violate or contradict with the PDPO.

To take full advantage of its provisions, the PDPO only affords certain limited protections when personal data is transferred overseas; to take full advantage of them, however, an importer of such personal data must first conduct a transfer impact analysis – an evaluation of how well protected personal data are from foreign jurisdiction’s laws and practices; this process involves considering factors like:

If a data importer’s assessment reveals that the level of protection provided by foreign jurisdiction’s laws and practices falls short of what’s necessary under PDPO, they must either suspend transfer or implement suitable supplementary measures – these might include encryption, pseudonymisation or split processing as well as contractual provisions imposing obligations such as audit/inspection obligations, breach notification obligations and compliance support/cooperation agreements.

Equinix Hong Kong IBX data centers are strategically situated as one of Asia’s leading business and connectivity hubs, providing global cloud providers, financial institutions, professional services firms, fintech startups and fintech enterprises a digital infrastructure foothold in Hong Kong. Our multiple locations create a connected campus allowing our customers to deploy geodistributed high-availability deployments while our network onramps allow access to China and Southeast Asia markets.