What are the penalties for non-compliance with any applicable data protection laws?
Non-compliance with data privacy laws and data breaches may lead to sanctions, fines, and penalties. The amounts are usually calculated according to the risk to which personal rights were exposed and the preventive measures taken by the data controllers, processors and sub-processors in relation to their respective role in the chain of personal data processing.
Hong Kong’s Personal Data (Privacy) Ordinance doesn’t create direct criminal offences for non-compliance with the data protection principles. Instead, the Privacy Commissioner may serve Enforcement Notices directly to data users to direct them to remedy the issue, and, if applicable, prevent recurrence. Not following an enforcement notice can result in a fine of up to HK$50,000 and up to 2 years’ imprisonment on the first conviction. In addition, individuals who suffer damages (including emotional damages) can seek compensation.
Misusing or inappropriately using personal data in direct marketing, non-compliance with individual data access requests and unauthorized disclosure of personal data can result in criminal penalties.
HR Best Practices: Before processing personal data, make sure to be in line with the security measures necessary to ensure data security within your organization. In the event an employee or third-party performs a wrongful act, employers may only be able to avoid liability in cases where the employer can prove reasonable practical steps were taken to prevent the employee (or third-party) from engaging in wrongful acts and practices.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.