What is GDPR?

GDPR may be one of the most important regulation about personal information usage around the globe these years.

Introduction to GDPR


GDPR (General Data Protection Regulation), is a regulation about cybersecurity and use of personal data privacy passed by the European Union. It is applicable to enterprises or organisations which stores and uses personal information of members of the European Union. Many enterprises around the world has reformed and updated their cybersecurity, use of their client’s personal private information and the related regulations due to the heavy penalty imposed.

StormEye collaborates with the law firms in the European Union, providing relevant company policies, and practical cybersecurity training lessons for the Hong Kong and Asia market.

Relationship between GDPR and Hong Kong Companies

What companies need to comply with GDPR?

Your company will have to comply with GDPR if your company database has personal information of more than one EU resident.

Any examples?

Online shops, discussion forums, enterprises that have membership function or company websites that have newsletter subscription.

My company does not have office in the European Union

The GDPR committee may look into your company in various manners.

Penalty when GDPR is violated


Under different circumstances, GDPR will ask for different penalties from enterprises or companies, one of them include 4% of the yearly turnover of the company or 20,000,00 euro, whichever is higher.

There are numbers of cases with fines more than one billion dollars due to the heavy penalties imposed.

(content written based on https://gdpr.eu/what-is-gdpr/ )


For the most updated penalties, refer to https://www.enforcementtracker.com/

The Five Major Differences between GDPR and the Personal Data (Privacy) Ordinance of Hong Kong


  1. Scope of coverage: GDPR is applicable to enterprises all around the world when the database of the business include members of the European Union.

  2. Reporting: GDPR requires companies to report to relevant parties within 72 hours when they discover cybersecurity affairs.

  3. Penalty: the Personal Data (Privacy) Ordinance of Hong Kong does not have a clear guideline about the penalty while GDPR has a heavy penalty.

  4. DPO (Data Protection Officer): GDPR clearly states that each company should have at least one DPO, taking charge of cybersecurity and customer data protection in different aspects. This position can be employed internally or externally.

  5. User rights: GDPR defined 8 rights that users should enjoy. Enterprises should help users enjoy their rights.

More related information


Website of the GDPR committee



Facebook Dating postponed in Europe over GDPR compliance



Comparison between GDPR, PDPO and SB-327 (California’s new IoT Security Law)


GDPR Service offered by StormEye

Website privacy information consultancy services

For company’s website that have membership function, a personal data privacy statement consulted by a professional legal team would be essential. As your professional and efficient partner, our company can finish as fast as two weeks, eliminating complicated and repetitive quotations, and at a reasonable price. To protect your company’s interests, we can also issue certifications for your confidence.

Proessional privacy regulation consultancy services

Our company has different experience serving enterprises. We can help refine your cybersecurity, privacy protection and cybersecurity technology improvement, step by step from the very beginning. Feel free to email us, using 15 minutes for simple understanding with a phone call, and proceed to the next decision.

Service Process

Start Consultation

The company will need to provide basic information, such as company name, address, and the industry.

Learn more at appointment

About the company operations and personal privacy policies.


Based on the industry and risk quotes.

Confirmation of consultancy information

Adjustment to content and quotation based on the companies’s resources and needs.

Start working

During our work, additional information from the company may be required and all information will be kept strictly confidential.

First draft

The Hong Kong team will first summarise and give advice regarding the first draft. After discussing with the company, the team will revise the finalised first draft.

Professional lawyer advice

After finishing the revised edition, it will be handed over to the cooperating law firms in the European Union for the final advice. It may require additional information from the company during the process.


The company can start to use the service.

Review every two years

StormEye provides review service every two years.