WHY WALLA

A Business Guide to Hong Kong's PDPO: Building Trust with Your Data Collection Forms

Yuvin Kim

July 28, 2025

For any organization collecting personal data in Hong Kong, the Personal Data (Privacy) Ordinance (PDPO) is the cornerstone of data protection law. This comprehensive legislation applies to both private and public sector organizations and is built around six fundamental Data Protection Principles (DPPs) that govern the entire lifecycle of personal data.

Understanding and adhering to these principles is not just about legal compliance; it's about building a foundation of trust with your customers and users. This guide will break down the six DPPs and show how a secure, flexible form builder like Walla can be a key partner in your compliance journey.

The Six Data Protection Principles (DPPs) of the PDPO: A Checklist

Principle 1: Purpose and Manner of Collection

You must collect personal data in a lawful and fair way, for a purpose directly related to your organization's functions. You cannot collect excessive data—only what is necessary for that purpose.

  • Action for Your Forms: Clearly state the purpose of data collection on your form. You can use a Personal Information Collection Statement (PICS) to inform individuals before they submit their data.

Principle 2: Accuracy and Duration of Retention

You must take reasonably practicable steps to ensure that personal data is accurate. Furthermore, you cannot keep personal data for longer than is necessary to fulfill the purpose for which it was collected.

  • Action for Your Forms: Have clear internal policies for data retention and periodically review and delete data that is no longer needed.

Principle 3: Use of Personal Data

Personal data may only be used for the purpose for which it was collected (or a directly related purpose), unless the individual gives their express and voluntary consent.

  • A Special Note on Direct Marketing: The PDPO has very strict rules here. You must obtain explicit consent before using personal data for direct marketing and inform the individual of their right to opt out.

  • Action for Your Forms: If you plan to use data for marketing, include a separate, specific, and unchecked checkbox on your form to capture this consent.

Principle 4: Security of Personal Data

You must take all reasonably practicable steps to protect the personal data you hold from unauthorized or accidental access, processing, erasure, or loss.

  • Key Safeguards: This includes implementing robust security measures like end-to-end encryption, strong access controls, and secure storage.

  • Action for Your Forms: Use a platform that provides strong, built-in security features.

Principle 5: Openness and Transparency

Organizations must be open about their data handling policies and practices. You must make information available about the kinds of personal data you hold and how it is used.

  • Action for Your Forms: Link to your comprehensive privacy policy directly from your forms to ensure users can easily access this information.

Principle 6: Access and Correction Rights

Individuals have the right to request access to their personal data held by your organization and to request corrections if the data is inaccurate.

  • Your Responsibility: You must have a process in place to respond to these Data Access Requests (DARs) in a timely manner (within 40 days).

  • Action for Your Forms: Use a data management system that allows you to easily find, export, and update individual records.

How Walla Form Supports Your PDPO Compliance

  • Facilitating Consent and Transparency (DPP 1, 3, 5): Walla’s customizable forms allow you to add clear Personal Information Collection Statements, link to privacy policies, and use mandatory, unchecked checkboxes to capture the express consent needed for direct marketing or other uses.

  • Ensuring Data Security (DPP 4): We help you meet your security obligations with foundational features like end-to-end encryption for all data submitted through Walla forms, protecting it from unauthorized access.

  • Streamlining Individual Rights (DPP 6): Walla's centralized response dashboard makes it simple to find, export, and manage individual submissions, enabling you to efficiently handle Data Access Requests and correction requests.

Conclusion: Good Governance Builds Great Relationships

Complying with Hong Kong's PDPO is a commitment to good data governance. By embedding the six DPPs into your processes and choosing tools designed for security and transparency, you are not just mitigating legal risks—you are actively building stronger, more trusting relationships with the people you serve.

Disclaimer: This article provides general information and does not constitute legal advice. Please consult with a qualified legal professional to ensure your organization's practices are fully compliant with Hong Kong's PDPO.

The form you've been searching for?

Walla, Obviously.

Paprika Data Lab Inc.

557, Yeoksam-ro, Gangnam-gu, Seoul
