Raymond Goh, Head of Systems Engineering, Asia and Japan, Veeam Software
From 25 May, complying with the General Data Protection Regulation (GDPR) has become the norm, and companies must abide by uncompromising rules that seek to protect and empower the data privacy of all European citizens, with stiff fines imposed for non-compliance. While GDPR-related news has dominated headlines in the past few months, more will follow as the first fines are handed down and reported.
It should not come as a surprise that Singaporean organisations are not exempt from this regulation. Under the GDPR, any organisation that processes or holds the personal data of individuals residing in the EU is held accountable for protecting its European consumers' data. Sure enough, the issue of data privacy has been gaining traction in the past few months. For instance, it was reported at the start of the year that Singapore's privacy watchdog, the Personal Data Protection Commission (PDPC), had fined 22 organisations in the past two years for security breaches that exposed the personal details of Singaporeans.
Organisations worldwide will, no doubt, be observing cases of GDPR non-compliance to learn how they can avoid making similar mistakes and suffering similar penalties. At Veeam, we believe that the new GDPR should be treated as the starting block for more comprehensive personal data management in the modern age. As such, compliance should be acted upon before it is too late and must be treated with the same seriousness as any other major strategic business decision, such as expansion or wider digital transformation initiatives.
To do so, businesses need to protect their processes with a 'privacy by design' approach. This can be done in a number of ways.
Remain transparent and secure
After numerous data breaches in recent years, it is no surprise that the public has become well informed about data security issues. Under the regulation, users must consent to the collection of their data on an opt-in basis. Likewise, users are able to exercise a range of rights over their personal data, including placing limits on how organisations use, collect and disclose their personal information. As such, organisations must fulfil their duty to their customers and comply with the regulation in order to maintain customer service and brand reputation.
Organisations must have fundamental, systematic procedures in place to support this change: being clear and transparent about their intentions while maintaining privacy and security standards. It is absolutely vital to keep an eye on the safety and availability of data, as well as its privacy.
Consider end-to-end security
In the preparations leading up to GDPR, one of the steps that organisations should have taken is to build a comprehensive data map that lets them quickly see where data is entering the organisation, how it is being collected, and the type of infrastructure and storage solution that underpins it.
What would be the next step? Organisations should now design and retain a proactive, rather than a reactive, approach to data management, availability and security.
Although the approach in question will vary from business to business, every organisation needs to adopt an ongoing plan for data monitoring and protection, including strategies for availability and backup should a breach occur. These plans must be flexible enough to take into account the continuously shifting data landscape. It is also important to note that this requires involvement not only from the IT department, but from all areas of the organisation.
The new age of GDPR
Failing to comply with GDPR can and will have a huge impact on your business, with fines of up to $31 million SGD or 4 percent of annual turnover, whichever is higher, for serious violations. Even though we cannot know for sure whom or what the regulators will be looking at, or whether they will be lenient or enforce the regulation with an iron hand, it is certain that in order to stay protected, all organisations have to treat GDPR as an ongoing commitment and pledge to uphold the standards of data privacy and protection for their consumers.