Data hk is an interactive map providing details about Hong Kong mobile networks and providers, showing their locations as well as coverage areas. This website also details available connections and roaming rates – the latter can often be costly; fortunately there are multiple operators in Hong Kong with affordable data plans that offer better alternatives.
There is a complex web of laws and practices governing cross-border personal data transfers, from those set out in the PDPO to other laws such as national laws or industry codes or standards. One of the primary challenges encountered in data transfer involves moving between jurisdictions that possess different regulatory regimes.
An Hong Kong data exporter typically must conduct a transfer impact assessment if the destination jurisdiction’s law does not offer sufficient protection to personal data subjects. An impact analysis provides valuable insight into what additional steps must be taken in order to bring protection up to par with what Hong Kong law demands; these may involve technical or contractual means.
Due to GDPR’s application in their business operations, Hong Kong data exporters increasingly find themselves required to undertake a transfer impact assessment as part of their data export processes. This is especially relevant when offering goods or services directly to data subjects in the European Economic Area (“EEA”) or monitoring their behavior there. Such assessments serve as valuable tools in establishing whether legal grounds exist for sending personal data out of Hong Kong for processing in Europe and, if needed, provide identification of supplementary measures which must be adopted to achieve compliance with GDPR in that region.
In addition to conducting a transfer impact assessment, the PDPO requires data users to take contractual or other means in order to protect personal data transferred outside Hong Kong from unauthorised or accidental access, processing, erasure, loss or misuse and be retained for no longer than necessary for its purpose of processing. Typically this involves contracting processors that comply with DPP 1 (Purpose and Collection of Personal Data) and DPP 3 (Usage of Personal Data).
Finally, the PDPO recognizes that data users are responsible for any breach by agents or contractors of their obligations under it; this liability extends even when operating overseas. Therefore, businesses have an incentive to ensure their overseas operations comply with PDPO; in this regard it should be noted that PCPD has published recommended model contractual clauses for cross-border data transfers that meet both GDPR and PDPO requirements.