Recent high profile data breaches, for example that at Cathay Pacific, have highlighted the need to ensure that the expansion of the digital economy does not involve undue risks for consumers. Regulators both here in Hong Kong and overseas are ramping up their enforcement efforts and the €50 million fine recently imposed on Google by the French authorities is likely to be just the start.
In this seminar we will:
- Explain the fundamental concepts of the GDPR, including what constitutes "personal data", the obligations of the "data controller" and "data processor", the "data protection principles", "data privacy notices", the rights of data subjects and the enforcement powers available to the regulators;
- Explore the important practical differences between the GDPR and the Personal Data (Privacy) Ordinance (Cap 486 of the Laws of Hong Kong);
- Identify how companies can lawfully process Personal Data from Europe and whether the consent of data subjects is always required, including in the context of direct marketing;
- Highlight the ways in which companies can find themselves in breach of the GDPR and what they can do to ensure compliance, including the drafting of commercial contracts and privacy policies, and carrying out data protection impact assessments and audits;
- Discuss the role of the Data Protection Officer ("DPO") and whether HK businesses need to appoint one;
- Consider the application of the GDPR to data flows within organisations, including multi-national companies;
- Review a number of recent cases, both in Hong Kong and overseas and the lessons they hold for HK businesses;
- Explain what companies need to do if there is a breach of the regulations.
The presentation will look at real life examples and will seek to be of practical assistance to lawyers, data privacy professionals and businesses in Hong Kong.
With over 20 years of experience, Duncan Gillespie is an established solicitor specialising in all aspects of commercial and regulatory law.
Mr Gillespie was a Partner in a major international law firm in the City of London for nearly 10 years, where he specialised in EU and competition law. He now practices as an independent legal consultant specialising in all aspects of commercial law, including technology and engineering contracts, competition law, data protection and regulatory law.
His practice covers the following areas:
- UK and EU Competition Law
- Data Protection Law
- Commercial Law
- Public Procurement Law
- EU Trade and Free Movement law
- Energy and Telecommunications Regulatory Law