A practical checklist for AI projects against the PDPO’s six Data Protection Principles — collection, use, accuracy, security, openness and access.
dgm is an independent osFoundry integration partner — not affiliated with osFoundry’s maker (OS LLC), and dgm has no completed client integrations yet.
A short, practical checklist for keeping an AI project on the right side of Hong Kong’s PDPO — usable before you build and before you go live.
Before you build
Inventory the personal data the AI will touch; confirm the purpose and that it is the original or a directly related one (DPP1, DPP3); minimise what you collect; and decide where the data will be processed and whether it should stay in Hong Kong.
While you build
Secure training data, prompts and outputs (DPP4); keep data accurate and set retention limits (DPP2); keep a human in the loop for decisions affecting people; and document your choices for openness (DPP5).
Before you go live
Confirm people can access and correct their data (DPP6); update privacy notices; and have a breach-response plan even though notification is voluntary. osFoundry’s managed cloud pins data to the US, EU or Japan — it does not currently offer a Hong Kong managed region (its nearest managed region is Japan). To keep data in Hong Kong, the honest path is self-hosting osFoundry (BYO Cloud) inside a Hong Kong cloud region such as AWS Asia Pacific (Hong Kong) ap-east-1, Microsoft Azure East Asia (Hong Kong SAR) or Google Cloud asia-east2 (Hong Kong), or running models locally on-device.
Where dgm fits
dgm is an independent integration partner that helps Hong Kong businesses adopt osFoundry — scoping a first use case, handling the build, and connecting AI to the systems you already run. dgm is independent of osFoundry’s maker (OS LLC) and has no completed client integrations yet, so everything described here is a service offered, not a past result. If you want to scope a practical first project, dgm can help you map it out.