|Event “Demystifying GDPR – what does it mean for SME”|
The ICT Business Council of the European Chamber of Commerce in Hong Kong (EuroCham) held a breakfast seminar on General Data Protection Regulation (GDPR).
The process of modernization and digitalization currently shaping the world has a direct impact on our approach to data. In this evolving context, new questions arise and the protection of personal data is becoming more of a priority. In order to tackle this concern, the European Union introduced a new regulation: the General Data Protection Regulation (GDPR), approved in April 2016, will finally enter into force on May 25th, 2018.
During the seminar, the speakers addressed the uncertainties around GDPR and gave practical advice on how to align business with the main changes introduced by this new regulation. In fact, while highlighting the positive impact of GDPR on the protection of all EU citizens’ data privacy, it is important for businesses in Hong Kong to understand its implications given their global exchange in terms of data.
The participants focused on:
In order to comply with this regulation, two main steps emerged. First, it is necessary to be transparent about the questions: Why do you want to collect data? How are you protecting the data? Secondly, it is the responsibility of the company to know and to understand what kind of personal data it is dealing with, as well as how and where the data is stored.
The speakers also offered specific suggestions to facilitate the compliance of the participants’ companies with GDPR. For example, going through the company’s database, modernizing its structure and business model, along with the appointment of a Data Protection Officer (DPO) with a strong expertise of GDPR, might ease the respect of these new norms.
Important concepts in the context of the regulation were tackled: data controller, data processor, consent, data portability, the right to be forgotten, etc. However, despite a comprehensive discussion on GDPR, during the open panel the participants agreed that there are still some uncertainties on the legal parts of the regulation. In fact, in the final remarks, the moderator concluded that information data management occupies a sensitive and prominent position in this new design of data privacy.