When data privacy takes centre-stage

This article is brought to you by Straits Interactive.

As global regulations kick in, companies will find themselves having to manage compliance across borders - this is where Straits Interactive can help.

With today’s data privacy laws in force, and the EU General Data Protection Regulation (GDPR) soon to be enforced, all it takes is for data or a privacy breach to get your company into trouble with the law.

New privacy invasive technologies, such as AI, big data profiling, and the risks of reputational damage and consequential loss of shareholder value, as shown in the recent Facebook-Cambridge Analytica saga, bring the privacy issues and requirements of data protection laws to centre-stage.

In ASEAN, especially Malaysia, the Philippines and Singapore, data protection regulators have ramped up enforcement. To safeguard your company’s data (and that of your client), you first need to assess and be aware of the various exposures and risks involving personal data within your company.

Your data protection officer (DPO) or compliance team will then need to put policies, procedures and controls in place, sustain compliance and finally, respond to a data breach.

Then there is the EU’s GDPR that will come into force from May 2018. Designed to protect the personal data of all European Union (EU) residents, it also applies to businesses:

• In ASEAN that conduct business in the EU,
• That market to EU residents, or
• Who are vendors to EU companies (vendors are increasingly seeing this inserted in contracts).

Fines for organisations can be onerous if a company is found to be in breach of the laws. In Malaysia, a jail term can also apply. As for the EU, an organisation found to be in breach of the laws can be fined up to €20 million (as a start) or 4% of the company’s global annual turnover of the previous year, whichever is higher.