Data protection laws are relatively new in Singapore, as the Data Privacy Provisions of the Personal Data Protection Act (“PDPA”) came into force just two years ago, shortly after the “Do Not Call” (“DNC”) regime was introduced.
However, compliance is stringent under this new law, and many companies are still unaware of their vulnerability to a potential breach of their PDPA obligations.
In this digital age, the personal information of millions of individuals is being stored by banks, hospitals, internet service providers and other service providers. Even SMEs are not spared and are held to strict compliance.
Numerous issues have to be tackled concerning more efficient data protection. What are the common mistakes made by organizations that result in personal data leaks?
Recent cases have emerged in Singapore in which numerous organizations were issued warnings or fines by the Personal Data Protection Commission (“PDPC”), Singapore’s main administration and enforcement body for the PDPA.
Firstly, when organizations are required to deal with third-party data intermediaries (like Finantech Holdings), they should ensure that there are adequate contractual safeguards in relation to the handling of the personal data transferred to them. Appointing a competent Data Protection Officer (“DPO”) might be an important step to ensure such compliance issues are sorted out. The appointed DPO could stress the importance of PDPA compliance to the relevant data intermediaries, educate them on it, and conduct regular monitoring to ensure adequate data protection compliance.
The PDPA empowers the PDPC to issue financial penalties of up to S$1,000,000.
At a recent Personal Data Security Seminar, Dr Yaacob Ibrahim, Minister for Communications and Information, emphasized that handling data protection as an afterthought is no longer an option. As the range of companies against which the PDPC takes action grows, it may be time for all organizations to take the PDPA more seriously to ensure adequate enforcement when managing personal data, as well as appropriate safeguards to secure these data. The PDPC’s latest actions against the many organizations are an immediate warning to all of us of the adverse effects of PDPA noncompliance.
The consequences of noncompliance with the PDPA may be more than just financial penalties. There could be increased time and financial costs for organizations having to deal with numerous client/customer complaints in the event of a suspected PDPA breach. Furthermore, there is the negative publicity that could have adverse effects on organizations when the PDPC takes action for PDPA noncompliance. Clients/customers might lose trust and confidence in organizations in the event of a personal data leak, and this may ultimately lead to loss of business and revenue down the line.
Now may be a reasonable time to review companies’ internal procedures and ensure that conformity with the PDPA is properly adhered to. Compliance review of data protection is not optional, and should not be treated as a mere afterthought. Compliance review with the PDPA is essential, and the time is now.