Popular articles
Can I act as a Data Protection Officer if I run a small business?
Yes. Although there is no mandatory requirement to appoint a Data Protection Officer (DPO), in Privacy Management Programme — A Best Practice Guide, the Privacy Commissioner for Personal Privacy, Hong Kong (PCPD) recommends implementing a Privacy Management Programme (PMP) and appointing a DPO.
For small businesses, the owner or operator should serve as the DPO, whereas for large organisations, it should be a senior executive.
Conclusion: If you own/run a small business, you should serve as the DPO. You are responsible for structuring, designing and managing the PMP, including all procedures, training, monitoring/auditing, documenting, evaluating, and follow-up.
Additional Resources
Learn more about compliance for online businesses in Hong Kong in our blog on how to comply with the Personal Data (Privacy) Ordinance (PDPO) for an online business.
Need help navigating this issue? Check out Ask.Legal — our AI-powered legal assistant is ready to help 24/7.
