Skip to main content
Image coming soon

Hong Kong PDPO Evidence & Implementation Kit

$249.00
Adding to cart… The item has been added
Hong Kong PDPO · Personal Data (Privacy) Ordinance · Evidence & Implementation Kit
Meet Hong Kong's PDPO, without decoding the six principles yourself.
Every obligation handed to you as an adopt-ready control, from the six Data Protection Principles through direct marketing and the anti-doxxing offences to access and correction, with the evidence the PCPD examines.
PDPO-ready in a weekend, not a quarter.

Here is the honest situation. Hong Kong's Personal Data (Privacy) Ordinance, enforced by the PCPD, is built on six Data Protection Principles covering collection, accuracy and retention, use, security, openness, and access and correction. On top sit strict direct marketing rules with criminal offences, the 40-day data access request deadline, and the anti-doxxing offences that criminalise disclosing personal data without consent to cause harm. A data user that handles data reasonably but cannot show its collection statement, its 40-day responses or its direct marketing consent is exactly where data users fall short.

This Kit removes the guesswork. It is the PDPO written as adopt-ready controls you personalize in a weekend, with the evidence the PCPD examines.

What you get, the moment you buy

18
Obligations as adopt-ready controls. Every obligation, from the six principles through direct marketing and doxxing to access and correction, written so you personalize and apply it.
18
Evidence-they-examine checklists. For each control, exactly what the PCPD examines, plus where data users fall short, so you close the gap first.
1
PDPO Control Matrix, pre-built. Every obligation in a working spreadsheet, ready to record status, owner and evidence location.
1
Gap & Readiness Assessment. Score each obligation and the workbook returns your readiness as a single percentage, and exactly what to fix next.

Grounded in Hong Kong's Personal Data (Privacy) Ordinance, with the six Data Protection Principles, the collection statement, direct marketing rules, security, openness, the 40-day access request, correction and the anti-doxxing offences called out. Editable Word and Excel files.

Direct marketing and doxxing carry criminal offences
The PDPO is not just principles: its direct marketing rules and its anti-doxxing provisions carry criminal offences, and data access requests must be answered within 40 days. Treating the PDPO as guidance rather than enforceable law is a mistake. This Kit builds the six principles, direct marketing and doxxing controls with the evidence the PCPD asks for.

What one control looks like

This is confirming how the PDPO applies, where scope begins. All 18 are built to this depth.

HK-1 Confirm how the PDPO applies SCOPE
Put this control in place

Determine and document how the Personal Data (Privacy) Ordinance applies to [your organization name] as a data user that controls the collection, holding, processing or use of personal data, so scope is clear and the organization can evidence its applicability assessment.

Regulatory note.

Hong Kong's Personal Data (Privacy) Ordinance (Cap 486), overseen by the PCPD, regulates data users' handling of personal data through six Data Protection Principles.

Evidence the PCPD examines
  • An applicability assessment against the PDPO
  • Data user role identified
  • Records of the determination
Common finding they raise: An organization does not assess whether the PDPO applies to it.

Why this is not another template pack

  • The evidence is the point. An obligation you cannot evidence is an enforcement risk. This tells you what the PCPD examines and where data users fall short, for every obligation.
  • The six principles and marketing rules built in. The six Data Protection Principles, the direct marketing consent and the 40-day access request are written into the controls, the substance the PDPO requires.
  • Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
  • It compounds. The PDPO shares concepts with other Asian privacy laws, so this work feeds your regional privacy program.

Who buys this

Data users processing personal data in Hong Kong and their privacy, legal and marketing leads. Whether it is a first alignment or a PCPD-readiness pass, you save weeks and walk in with the six principles and marketing rules structured.

By the end of the weekend you will have
✓  An adopt-ready control for all 18 obligations
✓  A completed PDPO control matrix
✓  The evidence the PCPD examines
✓  Your collection statement and access process in place
✓  A readiness percentage and a fix list
✓  The direct marketing and doxxing gaps closed

Common questions

Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.

Does it cover the direct marketing offences? Yes. Obtaining consent, providing opt-out and honoring it before direct marketing is built as a control.

Does it cover data access requests? Yes. Responding to data access requests within the statutory 40 days is built as a control.

Is this legal advice? No. It is an implementation toolkit grounded in the PDPO. For a specific matter consult counsel; this gets your controls and evidence in order fast.

What if it is not for me? A 30-day money-back guarantee.

Do not process data in Hong Kong with obligations you cannot show.
Every PDPO obligation is fast to adopt with the Kit. It is instant, and it is guaranteed.
Add it to your cart and be PDPO-ready this weekend.

Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com