By: Sonny Zulhuda
Data is an asset in today's interconnected world. With the changing digital lifestyle and the emerging digital workplace, managing personal data becomes a key trust factor for organisations.
The digitalisation of processes and records, the mobile workplace concept, the synchronisation of gadgets and data, as well as the emergence of smart contracts have all contributed to this change.
Internally, managing data is a critical form of asset management. Externally, it becomes a shield of legal compliance as well as a key competitive value in an increasingly regulated environment.
In many parts of the world, Personal Data Protection (PDP) is treated as a critical trade issue, including as a potential trade barrier in the event of trans-border data transfer.
The EU General Data Protection Regulation (GDPR) is setting a new global PDP benchmark. Meanwhile, in this part of the world, Malaysia, Singapore, the Philippines and Thailand are already enforcing their respective PDP laws. Indonesia will soon follow suit with the drafting and enacting of its own laws.
The requirements of PDP law raise a new set of data due diligence obligations for financial organisations. Privacy Impact Assessment (PIA) and data breach notification (DBN) are among the legal regimes that require careful due diligence under PDP law.
In short, all life cycles of data management must now be embedded in comprehensive, cross-sectoral governance within financial organisations.
Data management policies need to be comprehensive and up to date. Public communication has to be in real time. For that purpose, we require not only a specially designated high-level data protection officer (DPO), but also regular transparency reports on our data affairs.
Gone are the days when data protection was seen only as a technical and trivial issue. PDP is now a board issue, with an eye to both reputational and legal risks and opportunities.