APAC Organizations are facing operational challenges, as they keep up with compliance requirements in regulated and unregulated sectors.
Many governments in Asia are implementing data protection practices as a key to improve business operations and innovation. With heightened risks in online operations, organizations fear that hackers are able to manifest and take advantage of the pandemic situation.
More than compliance requirements, many firms see to it that the migration of personal data to new storage poses a threat. The rising data breach cases opened the eyes of businesses in damages caused by unregulated data or information.
According to Straits Interactive CEO Kevin Shepherdson, many organizations have put together data protection practices ‘to keep up with compliance requirements.’ “But whether it is specifically for business growth and innovation is still up in the air,” added Shepherdson.
Unlike Western countries or members of the European Union, ASEAN is still exploring the data protection and privacy laws. In ASEAN, Singapore and the Philippines are the first countries to mandate a data protection officer (DPO) in data protection regimes.
Thailand is also following, with new laws on data protection for companies.
Shortage of Skilled DPO
One of the biggest problems faced by ASEAN countries is the lack of staff training as well as resources. Countries in the European Union have the financial muscle to hire a dedicated officer to protect data.
Meanwhile, in the Asia Pacific, DPO lacks proper training in performing roles and responsibilities. Additionally, data protection is set aside in most companies because of varying priorities. Most of the time, management priority is focused on ensuring profitability and not security.
Many organizations also experienced a shortage of hiring skilled DPO that knows a lot about data protection.
“Many SMEs appoint someone who double-hats as a DPO. It could be HR, marketing, or IT head who may know very little about data protection and privacy practices,” said Shepherdson.
Most often, companies hire generalists, with no specific knowledge of privacy laws and data protection. DPOs are not seen as a business priority, compared to Western countries.
Aside from the lack of skilled DPOs and shifting priorities, another issue on data protection is the checkbox compliance. Company lawyers and legal representatives only satisfy to tick off requirements just for the sake of complying.
Companies only satisfy conditions and compliance, with little knowledge of what these things mean in relation to data protection. Risk management is also not in the picture, as organizations don’t fill the gap in preventing risks when processing personal data.