Featured Beulah Becker  

The Seven Data Protection Trends in ASEAN According to DPEX

Data Protection Excellence (DPEX) Centre identified seven of the likely data protection trends in ASEAN organisations. The trends were compiled from research, interviews, and observations conducted by their certified information privacy experts as well as the advisors from the DPEX network.

According to Kevin Shepherdson, head of DPEX Centre and Chief Executive officer of Straits Interactive, “Besides the General Data Protection Regulation (GDPR) that is continuing to change the privacy landscape in the European Union, ASEAN is fast becoming one of the hottest regions for data protection as local laws are either being newly introduced such as in Indonesia and Thailand or enforced such as in Singapore and the Philippines.”

The developments along with a number of highly publicised data and privacy breaches has prompted many organisations to take laws that are related to data protection seriously. To help ensure organisations will show accountable and sound data protection practices, schemes like the DPTM (Data Protection Trustmark) was introduced.

Aside from enhancing and promoting consistency in data protection standards across all sectors, DPTM can also strengthen the confidence of consumers in terms of how organisations manage personal data. Essentially the DPTM is designed to help organisations create responsible and accountable data protection practices.

The Seven Data Protection Trends

  1. More rigorous enforcements are expected with increased emphasis on operational compliance amid data breaches that arise from incorrect use of privacy-intrusive technologies and mass digitization. It is also possible there will be an inordinate rise of incidents, attacks, and breaches. It is important to be aware that hackers will use the technology against organisations. In most cases, it is the lack of data protection knowledge and negligence that allows the hack to occur.
  2. Both the private and public sectors will continue to struggle with new privacy requirements and data protection issues. Undoubtedly, the Philippine National Privacy Commission will play a tougher role. The emphasis will be on the negligence  in the implementation of the Data Privacy Act.
  3. Continued applicability and importance of GDPR to ASEAN. With Europe playing a bigger role especially involving cross-border data flows, it is crucial that companies in the Philippines are incorporating the requirements of the GDPR and the privacy rules of partners in their monitoring and automation software.
  4. There is an expected shift from local to regional compliance for those organisations with multiple regional presence. Regulators the world over will require companies to divulge data breach incidents. Research also indicates that too often, the regulators share very little of the data breaches for companies to learn from the breaches.
  5. There is a significant rise in the demand for professional certification and data protection expertise. Considering the impending trends, it becomes obvious that the talent crunch has intensified. DPEX and Straits are addressing the talent crunch through professional certification and intensive training in several countries, including the Philippines. To support compliance, you need to have processes and people in place to help manage your consumer rights request, sale of data, consent, privacy notices, and data inventory.
  6. There will be emphasis on data protection audits as well as more adoption of  data protection trustmarks and certification frameworks. Regionally, there is more momentum in the adoption of data privacy frameworks—from Privacy Recognition for Processors (PRP) to the ASEAN Privacy Framework.
  7. Emergence of new and established players in the ASEAN region that will offer data protection solutions and services. Smart machines and a huge amount of consumer data will not only provide incredible opportunities for organisations, a moral quandary will also likely to occur: Is it okay to get rid of ethics as long as the actions are legal? In essence, the heart of the business should be the people as opposed to machines.