Comparison of GDPR and Privacy Laws in China and Hong Kong
The General Data Protection Regulation (GDPR) became applicable across the 28 EU member states on May 25, 2018. Under the territorial scope defined in Article 3, processing of personal data that takes place outside the EU must also comply with the regulation, as long as the personal data relates to people in the EU. Moreover, headlines about growing privacy breaches at various companies, including technology giants, which have received fines of either EUR 20 million or 4% of total worldwide annual turnover, whichever is greater (Article 83), have raised concern across sectors about this privacy and security law, the toughest in the world.
This white paper provides a comparison of GDPR against the Personal Data (Privacy) Ordinance (PDPO) in Hong Kong, the Personal Information Protection Law (PIPL) in China and the robust privacy management frameworks of ISO/IEC 27701:2019 and ISO/IEC 27018:2019, considering the following aspects:
- Individual rights
- Other requirements of personal data protection