The Hong Kong Office of the Privacy Commissioner for Personal Data recently published compliance guidance on the upcoming General Data Protection Regulation (GDPR), which examines the extra-territorial effect on Hong Kong companies. This includes those that have establishments in the European Union (EU), those that offer goods and services in the EU and those that monitor the behavior of individuals in the EU. Of particular importance is the compliance guidance examination of the accountability principle in the form of a data protection officer (DPO) and ongoing data privacy management tools under the GDPR, which are not explicitly provided for under the Personal Data (Privacy) Ordinance (PDPO), but will become a mandatory requirement under the GDPR.