With the increasing digitalization of our world, safeguarding personal data privacy has become a paramount concern. In Hong Kong, where businesses heavily rely on emerging technologies, prioritizing privacy and data security is imperative. Recently, a survey was conducted by The Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) and the Hong Kong Productivity Council Cyber Security (HKPC Cyber Security) to gauge awareness and measures taken by enterprises in protecting personal data privacy. The survey results shed light on the challenges faced by businesses and highlight the need for effective privacy information management.

Recognizing Privacy Risks

According to the survey results, enterprises in Hong Kong demonstrated a general awareness of the privacy risks associated with emerging technologies. The surveyed enterprises rated the perceived privacy risks on a scale of 1 to 5, with 1 indicating no risk perceived and 5 indicating very high risk perceived. The average scores for different technologies were as follows:

  • Generative AI: Enterprises considered the use of Generative AI to have the highest level of privacy risk, with an average score of 3.06.
  • Cookies and online trackers: An average score of 3.00.
  • Cloud computing: An average score of 2.92.
  • Internet of Things (IoT): An average score of 2.83.

It is worth noting that among enterprises using these technologies, only around half (48%) had implemented internal guidelines to address the privacy risks associated with their use. The proportion of enterprises providing internal guidelines specifically for Generative AI was even lower, with only about forty percent (41%) having such guidelines in place.

Addressing PDPO Compliance

While most of the surveyed enterprises reported little to no difficulty in complying with the Personal Data (Privacy) Ordinance (PDPO), challenges were identified. Enterprises cited the increasing complexity of data processing activities, lack of employee knowledge or education, and resource limitations as key hurdles in PDPO compliance. These challenges emphasize the need for businesses to enhance their knowledge and resources to effectively adhere to privacy regulations.

Perception of Personal Data Privacy Protection

The survey results indicated that slightly over half of the surveyed enterprises held a neutral stance regarding the level of personal data privacy protection in Hong Kong. Only 18% considered the level of protection to be sufficient or very sufficient. These findings highlight the potential for improvements in the overall privacy landscape in Hong Kong.

ISO 27701: Elevating Privacy Information Management

To address the challenges and enhance privacy information management, businesses in Hong Kong can greatly benefit from ISO 27701 certification. ISO 27701 serves as an extension to the internationally recognized ISO 27001 standard, focusing specifically on privacy information management. By adopting ISO 27701, businesses can establish a robust framework for managing privacy risks and ensuring compliance with privacy regulations, including the PDPO.

Advantages of ISO 27701 Certification

  • Comprehensive Privacy Management: ISO 27701 provides a systematic approach to managing privacy risks, enabling businesses to effectively identify, assess, and mitigate privacy threats. It facilitates the implementation of policies, procedures, and controls to safeguard personal data throughout its lifecycle
  • Enhanced Compliance: ISO 27701 aligns with privacy laws and regulations, such as the PDPO. Businesses that achieve certification can demonstrate their commitment to privacy compliance and build trust among customers, partners, and stakeholders.
  • Improved Data Governance: ISO 27701 promotes a data-centric approach, prioritizing data protection, privacy by design, and data subject rights. It assists businesses in establishing transparent data governance practices, ensuring responsible handling of personal information.
  • Competitive Advantage: Attaining ISO 27701 certification showcases a company's dedication to privacy and data protection. It differentiates businesses from competitors and provides a competitive edge in today's privacy-conscious marketplace.


Insights from the survey are valuable in understanding the awareness of privacy risks and challenges faced by enterprises in Hong Kong. ISO 27701 certification offers businesses a comprehensive framework to strengthen privacy information management, enhance compliance, and gain a competitive advantage. Contact DQS today to learn more about ISO 27701 certification and how it can benefit your organization.

Relevant Services by DQS


Blog Author of DQS HK