Data Privacy, Governance and Management

One of the most valuable assets in the world today is data, and one of the most valuable (and highly regulated) sub-sets of data is personal data. Experienced lawyers in Tanner De Witt’s Data Privacy, Governance and Management team provide legal advice and support to our clients on issues arising throughout the data life cycle, from data privacy issues arising from data collection, processing and use through to data retention and destruction – both in Hong Kong and the PRC and around the Asia Pacific region and globally.

We are the exclusive law firm member in Hong Kong of PrivacyRules, an international alliance of privacy experts that combines legal, technical, and data related expertise to assist clients globally with a multi-disciplinary and multilingual approach. We work with the assistance of local counsel that we recommend, instruct, and co-ordinate with to provide one point of contact for the client and one consolidated report of advice for multi-jurisdictional advice and surveys.

Members of our team are also accredited by the International Association of Privacy Professionals (IAPP).

We regularly advise on:

  • data privacy laws and regulations in Hong Kong, and in co-ordination with local counsel, the PRC, the APAC region and globally
  • data privacy policies and personal information collection statements
  • data privacy process and compliance reviews
  • legal issues to consider in data privacy impact assessments
  • data processing and transfer agreements, including transfer impact assessments
  • issues in personal data transfers and processing
  • data privacy by design and privacy by default advice
  • management of responses to data access requests
  • privacy issues in emerging technologies, such as artificial intelligence, blockchain, cloud computing and 5G
  • privacy issues in specific sensitive industry sectors, such as healthcare, life sciences, and education and on issues related to sensitive personal data
  • advice on GDPR, and in particular its effect in Hong Kong and outside the European Economic Area
  • big data


Lawyers in our Privacy and Data Protection team have advised on:

  • multi jurisdictional data privacy advice and surveys for leading international MNCs including global investment banks and leading internal consumer electronics corporations
  • multi-jurisdictional advice on privacy policy introduction for software based consumer delivery business
  • advice on personal data collected in clinical trial studies being conducted in Asia-Pacific in respect of new drug therapies
  • regulatory and compliance advice to an international professional services firm on the international transfer and migration of personal data to cloud platforms
  • data transfer and processing agreements, and related advice, in respect of sharing of personal data between operating entities in Asia Pacific for a multi-national property services firm
  • strategic advice on responses to Privacy Commissioner enquiries in relation to alleged data collection and processing issues from the technology platform operated by an event management business
  • guidance on GDPR compliance in respect of the conduct of various international businesses operating in Asia Pacific
  • guidance on compliance with direct marketing rules for various business
  • personal data process and compliance review for the Hong Kong operations of a US headquartered e-commerce business, including onsite interview, policy reviews, and team training
  • providing advice and assistance on data privacy and data management and governance to the Hong Kong and Singapore operations of one of the UK’s leading (and oldest) wine merchants