The Legal Aspect of Data Hk

The Legal Aspect of Data Hk

Data hk is a topic that has become of increasing concern to many people and the issue of data protection has never been more important. Having the right tools and techniques in place is key to maintaining data security. However, in addition to the physical and technical security of your data it is also important to consider the legal aspect. This is particularly true when it comes to cross-border transfers of personal data.

Firstly, it is worth remembering that the PDPO applies to any person who controls the collection, holding, processing or use of personal data whether it be within Hong Kong or outside of it. The term “control” is widely interpreted and includes being alone or in common with other persons, owning, controlling or being a member of the management of an entity that controls the collection, holding or processing of personal data.

This is important because if a person transfers personal data across borders then he or she will be a “data user” under the PDPO and will therefore have significant and onerous obligations to fulfil in respect of those six DPPs. One of those obligations is the requirement to comply with the rules and provisions on data transfer in and from Hong Kong.

Specifically, the PCPD has published two sets of recommended model contractual clauses to cater for different scenarios – either when a Hong Kong data user is transferring data to another data user outside Hong Kong or between two entities both of which are outside of Hong Kong and where the transfer is controlled by a Hong Kong data user. These clauses, which are based on the model clauses developed by the European Union under GDPR, require the data importer to undertake not to transfer the personal data it receives from a data user outside of Hong Kong to any class of person that was not included in the PICS notified to the data subject on or before the original collection of the personal data and not to use the transferred personal data for a purpose that is not in relation to the agreed purposes.

A further requirement, which is similar to the GDPR rules on international data transfers, is that the transferee must agree to submit itself to the jurisdiction of, and co-operate with, the relevant supervisory authority in the event of a breach of the standard contractual clauses. This is a very important point because it makes the clauses potentially binding on the data exporter, even though Hong Kong law does not otherwise confer extra-territorial application.

Global Switch Hong Kong is a leading provider of managed data centres, providing best-in-class infrastructure focused on resiliency. It offers a wide range of colocation services from single points of presence to multi-megawatt data hall solutions. The data centre features include a 100% utility power supply capacity, fully diverse distribution to technical areas and a raised floor system offering exceptional power densities. The facility is supported by a 24/7 operations and engineering team, providing the highest level of service for customers.