GDPR, PDPO and PIPL – A comparison

GDPR, PDPO and PIPL – A comparison

Data protection legislation around the world exhibits a remarkable diversity in terms of scope, principles, and enforcement mechanisms. The most notable distinction is between the comprehensive, rights-driven approach adopted by some countries and the more sector-specific and flexible frameworks employed by others.

The EU Data Protection Regulation ("EU GDPR") heralded a step change in data protection law throughout the region. The GDPR continues to apply in the UK following Brexit as the “UK GDPR”, supplemented by the Data Protection Act 2018 ("DPA"). The EU/UK GDPR have traditionally been seen as setting the "gold standard" for data protection law internationally, with robust individual privacy rights, strict consent requirements, and substantial penalties for non-compliance.

The Personal Data (Privacy) Ordinance ("PDPO") in Hong Kong and the Personal Information Protection Law ("PIPL") in the Republic of China are both comprehensive data protection regimes, with certain concepts that are aligned with those of the EU/UK GDPR. Despite a number of similarities across the three regimes, there are also notable differences, which are explored further below. For more information on EU/UK GDPR, the PDPO and PIPL, or any other data protection and privacy queries, please contact a member of our data protection team.

GDPR, PDPO and PIPL – A comparison

Katie HewsonKatie HewsonView biography
Katherine LiuKatherine LiuView biography
Author
Author
© Stephenson Harwood LLP 2023. Information contained on this page is current as at the date of first publication and is for general information only. It is not intended to provide legal advice.