The General Data Protection Regulation (GDPR), which came into effect on 25 May 2018, is the European Union’s privacy and security law. Significantly, it imposes obligations on organizations regardless of where they are based, provided that they target or collect data related to people in the EU. Prepared in partnership with Mayer Brown, this flowchart is specifically designed to help NGOs based in Hong Kong understand whether the GDPR might apply to them.



**This resource is not intended to provide, nor should it be relied on as, legal advice.**