HK is the common abbreviation for Hong Kong, the special administrative region of the People’s Republic of China. The term “hk” can be used as a suffix or prefix to other words and expressions, such as “hk-based”, “hk-related”, and “hk-based company”. The meaning of “hk” may also vary, depending on the context in which it is used. Some examples include:

Data hk refers to the data relating to individuals that is processed by companies in Hong Kong. Such information may be collected, used, transferred or disclosed for purposes including marketing, creditworthiness assessment, assessing or collecting taxes or duties, or the prevention of unlawful or seriously improper conduct, news activities, or legal proceedings. The PDPO defines personal data as any data that relates to an individual, whether directly or indirectly, and can be used to identify the individual.

The PDPO does not contain any express provisions conferring extra-territorial application of its principles, but the data protection law in Hong Kong will continue to apply even if the entire processing cycle of an individual’s personal data takes place outside Hong Kong. In such cases, the PDPO requires that any data users, including those with no permanent establishment in Hong Kong, comply with all of its provisions.

Data Centre Facilitation Unit

The government’s Data Centre Facilitation Unit provides a one-stop helpdesk service for operators interested in setting up data centres in Hong Kong. The Unit can liaise with other relevant government departments on matters such as statutory approval processes, compliance requirements or procedures. It can also provide assistance in finding sites for data centres in Hong Kong.

In addition, the DPPO will require that data users take reasonable steps to minimise the risks posed by their processing of personal data and implement appropriate security measures. This is in line with international standards and the OECD’s Framework on Privacy by Design. The PDPO will also ensure that data users are transparent and accountable about their use of personal data.

The DPPO will bring new requirements and obligations on both data users and data controllers in Hong Kong, and will also set out detailed rules on the scope of data use and transfer. For example, the PDPO will specify that a data user must obtain consent from an individual before using their personal information for direct marketing purposes or sharing it with third parties. In addition, it will make the transferring of personal data to countries outside Hong Kong subject to the PDPO’s safeguarding and enforcement provisions. The PDPO will also introduce stricter penalties for data breaches. These include fines of up to HK$20 million. In addition, data controllers will be required to report serious incidents to the PDPO within 24 hours. This will allow the PDPO to monitor and enforce data protection compliance across Hong Kong’s business sector. The PDPO will come into effect in June 2018.