General Data Protection Regulation (GDPR)

It is a regulation about cybersecurity and use of personal data privacy passed by the European Union and applicable to enterprises or organisations which stores and uses personal information of members of the European Union
《通用數據保障條例》(GDPR) General Data Protection Regulation
Introduction to General Data Protection Regulation (GDPR)

GDPR (General Data Protection Regulation), is a regulation in EU law on data protection and privacy which contains provisions and requirements related to the processing of personal data of individuals who are located in the EEA, and applies to any enterprise, regardless of its location and the data subjects’ citizenship or residence, that is processing the personal information of individuals inside the EEA. Many enterprises around the world has reformed and updated their cybersecurity, use of their client’s personal private information and the related regulations due to the heavy penalty imposed. StormEye collaborates with the law firms in the European Union, providing relevant company policies, and practical cybersecurity training lessons for the Hong Kong and Asia market.


Sources:GDPR committeeFacebook Dating postponed in Europe over GDPR compliance
*Latest penalty reference:

The Five Major Differences between GDPR and the Personal Data (Privacy) Ordinance in Hong Kong
  1. Scope of coverage: GDPR is applicable to enterprises all around the world when the database of the business include members of the European Union.
  2. Reporting: GDPR requires companies to report to relevant parties within 72 hours when they discover cybersecurity affairs.
  3. Penalty: the Personal Data (Privacy) Ordinance of Hong Kong does not have a clear guideline about the penalty while GDPR has a heavy penalty.
  4. DPO (Data Protection Officer): GDPR clearly states that each company should have at least one DPO, taking charge of cybersecurity and customer data protection in different aspects. This position can be employed internally or externally.
  5. User rights: GDPR defined 8 rights that users should enjoy. Enterprises should help users enjoy their rights
GDPR 與香港個人私隱條例 的五個主要分別

Our GDPR related services

Data Protection Officer (DPO)
個人私隱保護專員 Data Protection Officer

Starting from the enforcement of GDPR in 2018, the position of Data Protection Officer (DPO) has become necessary for every company*.  Due to the limited company scale and resources, it could be difficult for companies to allocate sufficient human resources that are responsible for network security and personal data protection. StormEye provides professional outsourcing service for companies to serve as a third-party Data Protection Officer (DPO) and allows your company to keep on focus on your strengths.

StormEye advices enterprises to pay attention to the followings when looking for a Data Protection Officer or exploring the related position:

  1. The officer should understand the company’s culture, but not just limited to IT operations.
  2. The officer should be authorised to directly report to the Board of Directors.
  3. Different public guilds and societies provide seminars explaining the roles and functions of a Data Protection Officer. StormEye also provides seminars and technical trainings where enterprises can participate and gain more understanding about the topic.

*Please refer to GDPR website for more details

Website privacy information consultancy services

For company’s website that have membership function, a personal data privacy statement consulted by a professional legal team would be essential. As your professional and efficient partner, our company can finish as fast as two weeks, eliminating complicated and repetitive quotations, and at a reasonable price. To protect your company’s interests, we can also issue certifications for your confidence.

Professional privacy regulation consultancy services

StormEye has different experience serving enterprises who can help refine your cybersecurity, privacy protection and cybersecurity technology improvement, step by step from the very beginning. Feel free to contact us for a free consultation before proceed to the your decision.

Service Process

Start Consultation

The company are required to provide basic information, such as company name, address, and the industry.

Acquire more information in meetings

Understand about the company operations and personal privacy policies.


Based on the industry and risk to quotes.

Confirmation of consultancy information

Adjustment to content and quotation based on the companies’s resources and needs.

Start working

During our work, additional information may be required and all information will be kept strictly confidential.

First draft

Hong Kong team members will first summarise and give advice regarding the first draft. After discussing with the company, our team will revise the finalised first draft.

Professional lawyer review and advice

After revised the last edition, it will be sent to the cooperating law firms in the European Union for the final review and advice. It may require additional information during the process.

Complete the privacy regulation

The completed privacy regulation will be received from our cooperating law firms and ready to effective.

Review every two years

StormEye provides review suggestion every two years.