Increasing concerns over data and consumer privacy have led to the creation of various laws designed to ensure organisations become more accountable for how information they have collected are managed and shared. Most of the measures take inspiration from laws like the General Data Protection Regulation (GDPR).
In Singapore, they have created the Personal Data Protection Act or PDPA. Essentially, it’s a law that governs the collection, disclosure, use, and storage of personal data by private organisations. Those who are not able to comply with the PDPA may not only suffer reputation damage, they can also be fined up to $1 million.
Nowadays, there are many courses that are designed for PDPA officers. These courses are also great for those in HR as well as those with no training or exposure to Personal Data Protection. PDPA officers who want to learn the best PDPA practices and identify risks can also benefit from taking a PDPA course.
However, the culture of data protection still needs to be firmly established in many organisations. While unfortunate to note, many organisations have not been able to clearly identify privacy and data protection risks. They also don’t have a data management programme that can help ensure PDPA compliance.
At least 80% of PDPA enforcement cases can be attributed to lack of security measures in place. However, many breaches can also be traced to negligence or human error aside from unprotected application or system.
Apart from the lack of data protection competencies and ignorance, the shortage can be the result of lack of data protection talent. The lack of bandwidth also hinders Data Protection Officers (DPOs) from doing an effective job.
Ideally, it makes practical sense to have a qualified and dedicated DPO as it minimises data breach risks while enhancing business opportunities at the same time. Data breaches will cost organisations in more ways than one.
Apart from operation disruptions, there’s also the possibility of paying a penalty. There’s also loss of customers, legal actions, time spent in response and investigation, and tarnishing of the reputation.
One of the biggest consequences of not having a trained talent is increased data breach risk. DPOs that are untrained in data protection are more vulnerable to experiencing data breaches or incidents.
Certain sectors like IT and finance also face higher risks. Data incidents can have severe consequences for the organisation. Fortunately, many large organisations as well as SMEs are also turning their attention to this area.
This development can be attributed to the fact that regulators are starting to enforce data protection laws. This is also coupled by the expectation of the public that organisations are accountable when processing data.
In Singapore, amendments of the PDPA have been made, making the guidelines clearer. This also helps ensure that regulators have more teeth in the enforcement. As the measures are fine tuned, having an untrained or part-time DPO becomes unacceptable.
In today’s digital age, it is inevitable for businesses to provide greater attention to data protection. Otherwise, they can risk losing the trust of both stakeholders and customers. Besides, the consequences of not doing so can be dire.
