DLA Piper is widely recognised as a market leader in data protection, particularly in the hospitality sector, where it advises leading international hotel brands on APAC-wide compliance programmes. Practice head Carolyn Bigg is a leading authority on data protection, with standout expertise in bespoke compliance programmes and cyber incident management across Greater China. Venus Cheung is noted for her expertise in cloud, apps, IT infrastructure, and MLPs, while Qiuyang Zhao bolsters the team’s transactional capability with due diligence support on IP, data, and IT issues.

Hogan Lovells’ specialist IT practice is widely regarded as a go-to adviser for incident response, compliance counselling, programme development, and cross-border risk management in Hong Kong and across the wider region. The team is particularly recognised for its expertise in cross-border data transfers, ensuring regulatory compliance in cloud, outsourcing, and shared services arrangements. Practice head Tommy Liu is highly experienced in data privacy and cybersecurity regulatory matters, with a strong TMT focus. The group has seen recent changes, with Mark Parsons departing and Charmian Aw joining from Squire Patton Boggs in February 2025, bringing additional expertise in data protection, cybersecurity, and technology transactions.

A&O Shearman’s data and cyber practice is a key player in the region, with a strong track record handling some of Asia’s most high-profile cyber incidents. Practice head Anna Gamvros, who joined from Norton Rose Fulbright in 2024 and splits her time between Sydney and Hong Kong, is widely recognised for her market-leading breach response expertise. Edward Yau brings further strength in outsourcing and regulatory mandates, while Ruby Kwok adds distinctive capability in the media and TMT sectors.

Bird & Bird’s leading TMT practice is jointly led by Wilfred Ng and James Gong, who splits his time between Beijing and Hong Kong. The team is highly active on data compliance, localisation, and security assessments, and is particularly well-placed to advise on complex cross-border issues spanning the PRC, EU, UK, and Hong Kong. Ng advises across the full spectrum of commercial, transactional, and regulatory TMT and data protection matters, while Gong continues to lead major compliance projects across the Asia-Pacific region.

Clyde & Co LLP is frequently instructed on cyber resilience, privacy, data protection, compliance, data management, and digital risk strategies, including uplift programmes. The team is recognised for its expertise across the full incident lifecycle, from pre-incident planning and response through to recovery, regulatory investigations, and litigation. Simon McConnell and Joyce Chan co-lead the practice; McConnell is a trusted adviser to corporates impacted by cyberattacks, guiding on loss mitigation and regulatory notifications, while Chan brings particular strength in the insurance and financial services sectors.

CMS Hong Kong LLP has a leading data protection and cybersecurity practice in Hong Kong and across Asia-Pacific, regularly advising clients on complex regulatory and commercial challenges. Practice head Jonathan Chu brings over 20 years of experience in data policy, protection, cross-border transfers, and breach management. Mengyi Chen and Candy Tong strengthen the team with their notable expertise in intellectual property matters.

Kennedys offers deep expertise in global data breach notification regimes, including the GDPR, UK rules, and requirements across Hong Kong, Singapore, Australia, and New Zealand. The team frequently handles regulatory investigations and defends clients in cyber-related claims, including large-scale class actions following breaches. Practice head Joanie Ko is highly regarded for her cyber incident response expertise, advising on notifications and the recovery of funds lost through fraud.

King & Wood Mallesons’ Hong Kong TMT data team is a standout in the market, advising on high-profile and strategically significant projects shaping the region’s digital economy. Practice head Peter Bullock is recognised for his expertise in contentious and non-contentious matters involving digital systems and IT. Urszula McCormack adds further strength with her deep knowledge of blockchain and wider digital economy issues.

Linklaters advises on the full spectrum of privacy and cybersecurity matters, from the implementation of the GDPR, China’s PIPL and Data Security Law through to crisis management, breach notifications, and post-incident remediation. The team is also highly active in AI governance, big data, and data strategies linked to fintech, regtech, and adtech. The practice is led by Shanghai-based Alex Roberts, while in Hong Kong Jasmine Yung draws on her prior experience with the Privacy Commissioner’s Office to support clients on complex regulatory matters.

Mayer Brown is recognised for its strength in privacy and cybersecurity across Asia, with a standout reputation for handling large-scale, multi-jurisdictional cyber incidents. Acting primarily for policyholders, the team is a key player in coordinating crisis management, deploying forensic experts, and ensuring response activity remains protected by legal privilege. Practice head Gabriela Kennedy is highly experienced in IT outsourcing and disputes, as well as telecoms regulatory matters.

RPC is a key adviser to leading tech companies, including major data controllers and social media platforms, and is particularly noted for its ReSecure service, which delivers 24/7 cyber and data breach crisis response across Asia. Practice head Jonathan Crompton is a leading figure in governance and crisis management, frequently acting as breach coach on high-profile cyberattacks. Ivan Chang advises banks, digital asset exchanges, Big Four firms, and data-driven corporates on compliance, cross-border transfers, breach response, and regulatory investigations.

Baker McKenzie fields a versatile practice covering the full spectrum of privacy, data protection, and cybersecurity matters, ranging from compliance and governance to high-stakes disputes and fraud recovery. Co-heads Isabella Liu and Lex Kuo bring significant expertise in IP and TMT, respectively, while Gary Seib enhances the team’s contentious offering with a focus on cyber fraud recovery.

Deacons advises on a broad range of issues including cross-border data flows, cybersecurity agreements, digital marketing, consumer protection, and M&A due diligence. The team has particular strength in navigating the evolving PRC data privacy framework. Practice head Machiuanna Chu is a trusted adviser to technology, cryptocurrency, and fintech clients.

With in-depth expertise in cybersecurity incidents, cross-border transfer regulations, and personal information protection law, Johnson Stokes & Master is a key port of call for cyber insurers. TL Lim is well-versed in pre-incident preparation including governance, risk, and liability matters, while Sara Or is knowledgeable of e-payment initiatives. Michelle Yee, Ken TL Lam, and Grace Wong are other key team members.