In a global economy where personal data is an increasingly valuable commercial asset, the ability to validly collect, treat and transfer personal data is key to commercial strategies of international companies in APAC. Macau, as a hub of increasing importance for service providers and international brands, poses specific challenges in data privacy compliance, especially in the transfer to outside of Macau of personal data collected within. What are the circumstances in which transfers are permitted? What are the local regulatory requirements? How has the local regulator interpreted concepts such as “consent” or “legal requirement”? We propose to take participants through the complex set of requirements and exceptions and to provide further clarity on an aspect of data privacy compliance with increasing importance and under increasing scrutiny.