Introduction
Data Privacy
Personal data is among the most valuable assets in the world today, and also among the most regulated. Experienced lawyers in Tanner De Witt’s data privacy team provide legal advice and support to our clients on issues arising throughout the data life cycle. We advise clients on data privacy issues arising from data collection, processing and use through to data retention and destruction – in Hong Kong, the PRC, around the Asia Pacific region and globally. We help clients with the design, preparation, implementation and training for privacy management programmes. We provide data breach response services via our dedicated cybersecurity practice.
Tanner De Witt is uniquely positioned to leverage our connection to an international alliance of privacy experts that combines legal, technical, and data-related expertise to assist clients globally with a multi-disciplinary and multilingual approach. We work with the assistance of local counsel that we recommend, instruct, and coordinate with to provide one point of contact for the client and one consolidated report of advice for multi-jurisdictional advice and surveys.
We regularly conduct customised client training in respect of data privacy and protection, and support clients on privacy awareness programmes.
Members of our team are also accredited by the International Association of Privacy Professionals (IAPP).
Key Contacts
Services
We advise on:
- Data privacy laws and regulations in Hong Kong, and in coordination with local counsel, the PRC, the APAC region and globally
- Design and implementation of privacy management programmes
- Data privacy policies and personal information collection statements
- Data privacy process and compliance reviews
- Data privacy impact assessments
- Data processing and transfer agreements, including transfer impact assessments
- Issues in personal data transfers and processing
- Management of responses to data access and correction requests
- Data breach response and engagement with regulators
- Data privacy by design and privacy by default advice
- Privacy issues in emerging technologies, such as artificial intelligence, blockchain, cloud computing, edge computing and 5G
- Privacy issues in specific sensitive industry sectors (such as healthcare, life sciences, and education) and on issues related to sensitive personal data
- Privacy issues in employment and HR matters
- Advice on GDPR, including consequences of GDPR extra-territorial effect and gap analysis to Hong Kong laws
Experience
- Advising and assisting leading international MNCs, including global investment banks and leading internal consumer electronics corporations, to conduct multi-jurisdictional data privacy advice and surveys
- Advising and assisting a software-based consumer delivery business in its privacy policy introduction across multiple jurisdictions
- Advising pharmaceutical companies in respect of data collected in clinical trial studies of new drug therapies conducted in Asia Pacific
- Advising an international professional services firm on the regulatory and compliance aspects of international transfer and migration of personal data to cloud platforms
- Advising a multi-national property services firm with respect of the sharing of personal data between operating entities in Asia Pacific and drafting of related data transfer and processing agreements
- Advising an event management business on strategic responses to Privacy Commissioner enquiries in relation to alleged data collection and processing issues from its technology platform
- Advising and assisting a US-headquartered e-commerce business in a personal data process and compliance review for its Hong Kong operations, including onsite interviews, policy reviews and team training
- Advising various international businesses operating in Asia Pacific on GDPR compliance, including numerous transfer impact assessment exercises
- Advising various businesses on compliance with direct marketing rules