Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486)
The Hong Kong Personal Data (Privacy) Ordinance (Cap 486, enacted 1996, significantly amended 2012 and 2021) regulates the collection, use, storage, and transfer of personal data. The Privacy Commissioner for Personal Data (PCPD) oversees compliance. The 2021 amendment criminalised doxxing. Establishes six Data Protection Principles (DPPs) governing the lifecycle of personal data. The PCPD has enhanced enforcement powers including criminal prosecution for doxxing.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (13)
HK PDPO 2021 Doxxing Amendment
| Code | Title |
|---|---|
| HK-PDPO-Doxxing-2021-Amendment-Cessation-Notices-Section-64A-D | HK PDPO 2021 Anti-Doxxing Amendment - Sections 64A-D + Cessation Notices + Two-Tier Criminal Offences + Extraterritorial Reach |
HK PDPO Coordination + 2024-2025 Pipeline
| Code | Title |
|---|---|
| HK-PDPO-Coord-China-PIPL-APEC-CBPR-2024-2025-Pipeline-AI-Breach | HK PDPO Coordination with China PIPL + APEC CBPR + Global CBPR Forum + 2024 Generative AI Model Framework + Pending 2025 Mandatory Breach + Administrative Fines |
HK PDPO Cross-Border
| Code | Title |
|---|---|
| HK-PDPO-CrossBorder-Section-33-PCPD-Guidance-Coord-China | HK PDPO Cross-Border Transfer - Section 33 (not yet in force) + PCPD 2022 Cross-Border Guidance + Recommended Model Contractual Clauses + China PIPL Coordination |
HK PDPO DPP1 Purpose + Collection + PICS
| Code | Title |
|---|---|
| HK-PDPO-DPP1-Purpose-Collection-Lawful-PICS | HK PDPO DPP1 Data Collection Principle - Purpose Specification + Lawful + Fair + Necessary + PICS |
HK PDPO DPP2 Accuracy + Retention + Records
| Code | Title |
|---|---|
| HK-PDPO-DPP2-Accuracy-Retention-Records | HK PDPO DPP2 Accuracy + Retention Principle + Records Management |
HK PDPO DPP3 Use + Direct Marketing
| Code | Title |
|---|---|
| HK-PDPO-DPP3-Use-Direct-Marketing-Consent-Section-35 | HK PDPO DPP3 Use Limitation Principle + Direct Marketing Prescribed Consent (Sections 35A-N) |
HK PDPO DPP4 Security + Processor + Breach
| Code | Title |
|---|---|
| HK-PDPO-DPP4-Security-Processor-Oversight-Breach-Handling | HK PDPO DPP4 Data Security Principle + Processor Oversight + Voluntary Breach Notification (pending mandatory regime) |
HK PDPO DPP5 Openness
| Code | Title |
|---|---|
| HK-PDPO-DPP5-Openness-Privacy-Policy-Statement | HK PDPO DPP5 Openness Principle + Privacy Policy Statement (PPS) + Transparency |
HK PDPO DPP6 Access + Correction + Complaints
| Code | Title |
|---|---|
| HK-PDPO-DPP6-Access-Correction-Complaints | HK PDPO DPP6 Data Access + Correction Principle + Data Access Request + Data Correction Request + Complaints |
HK PDPO Enforcement + PCPD Powers
| Code | Title |
|---|---|
| HK-PDPO-Enforce-PCPD-Powers-Penalties-Doxxing-Investigations | HK PDPO Enforcement - PCPD Investigation + Inspection + Enforcement Notice + Direct Marketing Penalties + Anti-Doxxing Powers + AAB Appeal |
HK PDPO Governance + PMP + DPO + DPIA
| Code | Title |
|---|---|
| HK-PDPO-Governance-PMP-DPO-DPIA-Records-Training | HK PDPO Governance Framework - Privacy Management Programme (PMP) + Data Protection Officer + Privacy Impact Assessment + Records + Training + Accountability |
HK PDPO Scope + Coverage + History
| Code | Title |
|---|---|
| HK-PDPO-Scope-Cap486-History-Coverage-2012-2021-Amendments | Hong Kong PDPO Cap 486 Scope + Coverage + Statutory History + 2012 + 2021 Amendments |
HK PDPO Sensitive + CCTV + Workplace + Children
| Code | Title |
|---|---|
| HK-PDPO-Sensitive-CCTV-Workplace-Children-Codes | HK PDPO Sensitive Data + CCTV + Workplace Monitoring + Children + Code of Practice on Human Resources Management + PCPD Sectoral Guidance |
Your Compliance Coverage
If you comply with Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486), you already cover:
GDPR
15%
2 controls mapped
Compare →Vietnam Law on Cybersecurity (No. 24/2018/QH14)
15%
2 controls mapped
Compare →Vermont Artificial Intelligence and Consumer Data Act (AICDA)
15%
2 controls mapped
Compare →+ 36 more: USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement) (15%), US Children's Online Privacy Protection Act (COPPA) and COPPA 2.0 Proposed Updates (15%)
See all 39 mapped frameworks ↓Maps to 39 other frameworks
Frequently Asked Questions
What is Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486)?
Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486) is a compliance framework from Hong Kong with 13 domains and 13 controls. The Hong Kong Personal Data (Privacy) Ordinance (Cap 486, enacted 1996, significantly amended 2012 and 2021) regulates the collection, use, storage, and transfer of personal data. The Privacy Commissioner for Personal Data (PCPD) oversees compliance. The 2021 amendment criminalised doxxing. Establishes six Data Protection Principles (DPPs) governing the lifecycle of personal data. The PCPD has enhanced enforcement powers including criminal prosecution for doxxing. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486) have?
Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486) has 13 controls organised across 13 domains. The largest domains are HK PDPO 2021 Doxxing Amendment (1 controls), HK PDPO Coordination + 2024-2025 Pipeline (1 controls), HK PDPO Cross-Border (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486) map to?
Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486) maps to 39 other compliance frameworks. The top mapping partners are GDPR (15% coverage), Vietnam Law on Cybersecurity (No. 24/2018/QH14) (15% coverage), Vermont Artificial Intelligence and Consumer Data Act (AICDA) (15% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486) compliance?
Start your Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap 486) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 13 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required