Seven data protection trends in ASEAN for 2020

The Data Protection Excellence (DPEX) Centre, the learning and research arm of Straits Interactive, of which EITSC is a partner, identified seven data protection trends for organizations in ASEAN to look out for in 2020. The trends were compiled from observations, interviews and research done by the Centre's certified information privacy experts as well as its advisors from the DPEX Network in the region.

Kevin Shepherdson, Chief Executive Officer, Straits Interactive and Head, DPEX Centre, said: "Besides the General Data Protection Regulation (GDPR) that is continuing to change the privacy landscape in the European Union, ASEAN is fast becoming one of the hottest regions for data protection as local laws are either being newly introduced such as in Indonesia and Thailand or enforced such as in Singapore and the Philippines.”

These developments, followed by a spate of highly publicized data and privacy breaches, will prompt many organizations to take data protection laws seriously and consider putting in resources to demonstrate accountability.

DPEX identified seven trends that boards and management teams ought to pay more attention to in 2020 which DPEX discussed in a web conference last week. As some of you may have missed this web conference, let me outline the trends and add some of my observations:

1. More intensive enforcements with increased emphasis on operational compliance amid data breaches arising from mass digitization and improper use of privacy-intrusive technologies. As I outlined in my column last week on data privacy and cyber security in 2020, there could be an inordinate rise of security breaches, attacks and incidents. We have to be aware that hackers will use technology against us.  Often it is negligence and lack of data protection knowledge of the organization’s internal staff that allows the hack to take place.

2. Both the public and private sectors will continue to grapple with data protection issues and new privacy requirements.  There is no doubt that the Philippine National Privacy Commission will play a tougher role in 2020 with emphasis on negligence in the implementation of the Data Privacy Act. The public sector organization having been entrusted to handle the citizen’s data will have to up its game in caring for their personal data.

3. Continued importance and applicability of GDPR to ASEAN. With Europe playing a bigger role in ASEAN, especially involving cross-border data flows, it is essential that companies in the Philippines are incorporating the requirements of the GDPR and the privacy rules of ASEAN partners in their automation and monitoring software.

4. Shift from local to regional compliance for organizations with multiple regional presence. Regulators around the world require companies to disclose data breach incidents, but research shows that too often these regulators share too little of the data breaches to be of use for companies that need to learn from the breaches. There should be incentives for organizations to share what data they have about cyber-attacks and vulnerability. Let’s use technology for the common good and create a better world.

5. Significant rise in demand for data protection expertise and professional certification.  Given the impending trends it becomes obvious to all of us that the talent crunch is intensifying. Straits Interactive and DPEX are addressing the talent crunch through intensive training and professional certification in many countries, including the Philippines.

Whether you’re starting from scratch or building on an existing privacy program, developing all of the processes required for compliance can be challenging, especially this late in the game. To support compliance, you will need to have people and processes in place to manage your data inventory, risk assessments, consumer rights requests, privacy notices, sale of data, consent, incident response and more.

As compliance is such a strategic issue it deserves top management’s utmost and undivided attention, and willingness to make resources, like automation tools, available.

6. Emphasis on data protection audits as well as increased adoption of data protection certification frameworks and trustmarks. I understand that the NPC is working on a Philippine Trustmark which will have to be taken seriously by organizations in this country.  Regionally, there will be further momentum in the adoption of data privacy frameworks – from APEC Cross border privacy rules (CBPR) and Privacy Recognition for Processors (PRP) to the ASEAN Privacy Framework.

7. Emergence of established and new players in the ASEAN region offering data protection services and solutions. While competition will have to be accepted, let me outline that ethical decisions are rarely easy. As we enter 2020, even less so. Smart machines and vast amounts of consumer data not only offer incredible opportunities for modern organizations, they also present a moral quandary: Is it okay to abandon ethics as long as my actions are legal? In my view, the heart of business should be its people and not machines!

More information about the DPEX Centre can be found at www.dpexcentre.com. More information about EITSC’s involvement in compliance management and data privacy protection can be received from me – contact me at [email protected]