Global Data Privacy Guide |
|
Macau |
|
(Asia Pacific)
Firm
MdME
Contributors
José Leitão |
|
What is the key legislation? | Law No. 8/2005 (the “Data Protection Law”), which sets the legal regime for collecting, processing and transferring personal data. |
What data is protected? | Personal Data, being information about an identifiable individual is protected. |
Who is subject to privacy obligations? | Any individual or collective persons wishing to collect, treat and/or transfer personal data |
What are the principles applicable to personal data processing? | Generally, personal information must be collected from the individual concerned and must only be collected for a lawful purpose connected with a function or activity of the person/ entity collecting/ treating the personal data. The individual must be made aware of certain matters before collection. |
How is the processing of personal data regulated? | Subject to specific exceptions, persons/entities covered by these provisions may only use or disclose personal information for the purpose for which it was collected. |
How are storage, security and retention of personal data regulated? | Personal information must be protected from unauthorized loss, use, modification or disclosure with reasonable security safeguards. persons/entities covered by these provisions must not keep personal information for longer than is required. |
What are the data subjects' rights? | An individual is entitled to have access to any personal information about them held by persons/entities covered by these provisions. An individual may request correction/amendment/reply of personal information. |
Are there restrictions on cross-border data transfers? | Persons/entities covered by these provisions wishing to transfer personal information out of Macau must still comply with certain information privacy principles. |
Are there any notification requirements for data breaches? | There are no mandatory reporting requirements for data breaches. |
Who is the privacy regulator? | The Macau Data Privacy Office (the “MDPO”) |
What are the consequences of a privacy breach? | Consequences of privacy breach include fines, potential criminal sentences and and accessory sanctions |
How is electronic marketing regulated? | No specific regulation at this stage, direct marketing is subject to specific restrictions |
Are there any recent developments or expected reforms? | Changes in MDPO framework; envisaged changes to Data Protection Law. |
Global Data Privacy Guide
Law No. 8/2005 (the “Data Protection Law”), which sets the legal regime for collecting, processing and transferring personal data.
Personal Data, being information about an identifiable individual is protected.
Any individual or collective persons wishing to collect, treat and/or transfer personal data
Generally, personal information must be collected from the individual concerned and must only be collected for a lawful purpose connected with a function or activity of the person/ entity collecting/ treating the personal data. The individual must be made aware of certain matters before collection.
Subject to specific exceptions, persons/entities covered by these provisions may only use or disclose personal information for the purpose for which it was collected.
Personal information must be protected from unauthorized loss, use, modification or disclosure with reasonable security safeguards. persons/entities covered by these provisions must not keep personal information for longer than is required.
An individual is entitled to have access to any personal information about them held by persons/entities covered by these provisions. An individual may request correction/amendment/reply of personal information.
Persons/entities covered by these provisions wishing to transfer personal information out of Macau must still comply with certain information privacy principles.
There are no mandatory reporting requirements for data breaches.
The Macau Data Privacy Office (the “MDPO”)
Consequences of privacy breach include fines, potential criminal sentences and and accessory sanctions
No specific regulation at this stage, direct marketing is subject to specific restrictions
Changes in MDPO framework; envisaged changes to Data Protection Law.