The session started off with Nevin Sim, GRC Consultant at Privasec, sharing about the attitudes and perceptions towards data privacy in Asia. Previously, data privacy was not given as much priority as other core processes within a business, but there has been a gradual shift and more organisations are trying to uplift their data protection practices. This is also driven by increasing user expectations for companies to manage and safeguard data appropriately.

Next, Dominic Ng, Data Protection Certifications Manager at IMDA, also shared that with digitalisation and the increase in the collection and use of personal data, come the awakening from the agency on the importance of data protection. He also encouraged Small and Medium Enterprises (SMEs) and businesses to attain data certifications, and elaborated that Singapore’s data protection certification is backed by IMDA, which gives it a reputational boost.

Dominic also emphasized the importance of appointing a Data Privacy Officer (DPO). Although a director or decision-maker in the company would make a good candidate, the appointee does not need to be a certified or experienced person, with relevant certifications like CIPP/A etc. It is possible to appoint someone that your organisation deems to be suitable to do the job.

Lastly, Yuit Ang, Vice President of Strategies, Development and Digitalisation at ASME, also shared the perspectives of SMEs, regarding the challenges they face in adopting data protection measures. Generally, the main challenge would be the lack of resources, in terms of commitment of time, money and effort, where business owners tend to put their focus on business-generating / revenue generating activities. 

To encourage the adoption of data protection measures, Yuit suggested presenting and simplifying such data protection measures and certifications in the perspective of SMEs, with basic steps and different levels catered to organisations of different maturity levels.  In addition, he also suggested that regulators can look to educate business owners about the benefits of data protection, where it can help the business gain more revenue, access more customers and new potential markets, which could also pique the interest of more SMEs to take further action in having their privacy standards elevated.

Conclusion

Data Privacy is an essential component in this digitalised world, where organisations need to start to prioritize data privacy, and not take it for granted. Even if your core processes do not involve personal data, regulations like PDPA is going to be mandatory for all and important in demonstrating your organisation’s accountability. 

Having good Data Protection measures and certification would benefit organisations in many ways, including increasing its competitive advantage and providing assurance to external parties (suppliers, partners, potential business, regulators). It also provides regulatory relief, where having a Data Protection Trustmark can be a strong mitigating factor in the event of data breach.

As mentioned in the session, there are many available courses, grants and fundings from Enterprise Singapore  and IMDA, PDPC that organisations can tap on. Data Privacy is the responsibility of everyone, where it is important to continuously raise awareness among SMEs and businesses to build the organisation’s security culture and enforce adequate data protection practices. 

Lastly, we would like to thank all our esteemed speakers and participants for taking their time off to join us for this session and we look forward to seeing everyone in our next event!