The 6 Data Protection Principles (DPPs)
If you handle anyone's data (Names, IDs, Phones), you must follow these rules.
DPP1: Collection
Don't be greedy. Only collect what you strictly need. Tell them why (PICS).
DPP2: Accuracy
Keep it true. Delete data when the job is done (e.g., failed job applicants).
DPP3: Use
No surprises. Use data only for the original purpose. Need to sell it? Get consent.
DPP4: Security
Lock it up. Encrypt files. Train staff. Don't leave USB drives on the bus.
DPP5: Transparency
Be open. Have a Privacy Policy that explains your rules clearly.
DPP6: Access
Let them see. If someone asks to see their data, you must respond within 40 days.
Am I Compliant?
Select your role to generate a specific To-Do list.
Legal Simulator: What would you do?
Test your knowledge against real Hong Kong law.