What is PMP?

Organisations handle vast amount of personal data, e.g. personal data of customers and employees, in the course of business operation. With the rising public expectations for privacy protection, organisations should go further than merely treating personal data protection as a compliance issue.

The Privacy Commissioner for Personal Data, Hong Kong (the Privacy Commissioner) has advocated since 2014 that organisations should develop their own Privacy Management Programme (PMP). Organisations should embrace personal data protection as part of their corporate governance responsibilities and apply them as a business imperative throughout the organisation, starting from the board room. This can, not only build trust with clients, but also enhance their reputation as well as competitiveness.

In fact, the European Union’s General Data Protection Regulation (GDPR) See European Union General Data Protection Regulation 2016 issued by the Privacy Commissioner, which came into force on 25 May 2018, expressly incorporates an accountability principle Sections 5, 24 and 25 of the GDPR. Apparently, the adoption of accountability approach in handling personal data through implementation of PMP becomes a global trend for organisations.

A PMP consists of the following three components:

Privacy Management Programme: A Best Practice Guide (Revised in March 2019)