Why Singapore organisations need to comply with the GDPR
The premise of the GDPR is that as long as an organisation gathers information on individuals inside the EU, shares information or offers goods and services inside the EU, it will be subject to the GDPR, regardless of whether it is situated in Singapore.
Intensifying regulatory pressures are top of mind for business leaders, with 70% of Singapore respondents (global: 78%) expressing increasing concern about data protection and data privacy compliance.
This is according to the third biennial EY Global Forensic Data Analytics Survey, which examined the responses of 745 executives from 19 countries (including 40 from Singapore) and analysed the legal, compliance and fraud risks that global companies face and the use of forensic data analytics (FDA) to manage them.
The General Data Protection Regulation (GDPR) is a new European data protection law that will affect any business located within the European Union (EU) or any business that offers goods or services to EU residents. It becomes enforceable on 25 May 2018, and the financial repercussions of non-compliance are significant.
Non-compliance may result in suspension of data processing and fines of up to 4% of worldwide turnover or €20 million, whichever is greater.
The law is changing to keep up with digital advances in business. The GDPR has direct effect across all EU member states; however, member states are able to adopt their own national rules, so businesses should be aware that each member state may have a different law. The principles are largely the same across all member states, making it easier for businesses to comply. More importantly, it helps to bolster consumer confidence with stronger control over their own data in the age of privacy breaches and transparency.
More than 7.1 billion identities worldwide have been exposed in data breaches over the last eight years. Recent high-profile cyber breaches, including the breach at Singapore’s Ministry of Defence in early 2017 that resulted in the personal data of 850 national servicemen and employees being stolen, have sparked more conversations around security protocols for protecting personal data.
Later in the year, Singapore’s privacy gatekeeper, the Personal Data Protection Commission (PDPC), revised advisory guidelines on how local organisations handle individuals’ NRIC numbers and collect the physical NRIC or a copy of it. This encouraged more local organisations to take the necessary steps to better serve their customers by adopting stronger measures to protect personal data collected, if at all.
Data is the driving force of Singapore’s digital economy as the nation progresses towards becoming a Smart Nation. As such, it is imperative that local organisations adopt a strategic cybersecurity stance on how personal information is collected, managed and removed.
In a world where data is everywhere, it is becoming increasingly difficult for organisations to protect the personal information entrusted to them. As cybercriminals reveal new levels of ambition and ability, organisations will need to keep privacy and security at the forefront of their business strategy to reduce their regulatory risks.