The question of data privacy has become one that is shaping the business world of the 21st century. With many technologies advancing in leaps and bounds – as well as the increasing importance of ‘The Internet of Things’ – the appointment of a professional Data Protection Officer to ensure legal and mandatory compliance has become a business imperative. We look at how failure to appoint such professionals who can operate at all levels of an organisation can be a costly mistake – not only in terms of revenue – but also in terms of customer trust.
In this article, we examine how regulators in Asia are mandating the appointment of Data Protection Officers and how these appointees form only one part of a team that must be tasked not only with ensuring the integrity of data, but also with responding to breaches of security. We also touch on the consequences of team members not familiarising themselves with their individual roles and responsibilities.
Indonesia boasts one of the fastest growing economies in South East Asia. However, rapid growth has not been followed by robust development on the regulatory side, particularly in the case of specific rules regarding personal data protection. Authors Zacky Zainal Husein and Andin Aditya Rahman argue that clear definitions are paramount in setting the tone of any regulations, including Indonesia’s upcoming personal data protection rules. The article discusses how “personal data” is defined in the draft rules and the potential implications of sectoral regulation.
Like Superman draws his power from the sun, the cloud imbues organisations with remarkable power and flexibility. But how should organisations wield such power effectively to protect their users and data, especially in light of data protection regulations? Matthias Yeo, APAC CTO of Blue Coat, shares the top 3 tenets of adopting a cloud strategy so you can be the hero, not the villain.
Following the Malaysia Personal Data Protection Act (PDPA), the Personal Data Protection Standards 2015 sets out the "minimum" standards to be observed.
The General Data Protection Regulation is the first comprehensive overhaul of European Union data protection rules in 20 years. This two-part article will examine the GDPR’s impact on businesses in Asia, with a focus on territorial scope, controller and processor obligations, and international data transfers.
As personal data protection continues to challenge companies, it is becoming apparent that the commissions and other structures that police these issues have become impatient with organisations that are not complying with recommendations. For the first time, those companies which have suffered a data breach and been found not in compliance are feeling the wrath of governing bodies.
In our first article on the European Union General Data Protection Regulation (Regulation (EU) 2016/679 or ‘GDPR’) we focused on the global territorial scope of the new rules and how they could affect businesses based in Asia. In particular, we highlighted how the enhanced rights of data subjects in the EU and the expanded obligations on data controllers and data processors — even if they are located outside the EU — provide much for businesses to consider as they become compliant with the new rules. In this second article, we will focus on the new regulatory-enforcement regime and international data transfers, and then draw comparisons with the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system.
The exit of the United Kingdom from the EU has caused turmoil in world markets and has far-reaching consequences for those companies in the European Union doing business with the country – and vice versa. There has also been some uncertainty about how the authorities based in London will be treating data security and privacy issues. The consensus seems to be that companies doing business with the second-largest economy in Europe (after Germany) should be adopting a ‘business as usual’ approach. However, will this necessarily be the case in the future? Will global companies with a British connection (including those in Asia) be forced to revisit how they treat data security and privacy issues when dealing with the United Kingdom – and will British companies move away from the rules that have been set in place by Brussels? We take a closer look.
In part one of a two-part series, we examine some of the challenges that companies face in terms of the evolving privacy and data protection landscape. Data protection and privacy issues are now bedrock strategic issues for companies across the world, and Information Security professionals are now under even more pressure to ensure that data remains secure. The value of data as an intangible asset continues to grow, and legislation and regulation are becoming ever more stringent. The onus is on companies to comply or suffer the consequences. This is going to require a whole new breed of information security professional. In part two of this series (in next month’s newsletter) we’ll look at the argument for and against a new role combining Chief Security and Privacy Officer in this rapidly evolving regulatory environment.