What All Singapore Organisations Need to Know About GDPR Today
Did you know that the new European Union (EU) General Data Protection Regulation law, better known as the GDPR, is effective 25 May 2018? The GDPR is a new legislation adopted by the European parliament and European Council to bring greater strength and consistency to the rights of EU citizens regarding their personal data.
According to a recent Veritas study on GDPR (reported in December 2017), more than half of organisations in Singapore (56 per cent) are concerned that they will not be able to meet the new EU requirements, and only 18 per cent feel they are already GDPR compliant. However, it is encouraging to note that the majority (95 per cent) of the organisations questioned plan to drive behavioural changes through training, rewards and contracts to help ensure that they comply with GDPR policies.
How GDPR will affect organisations in Singapore
Even though the GDPR is an EU regulation, it also applies to organisations anywhere in the world that handle the data of European citizens and this includes organisations in Singapore. As a destination that attracts many EU visitors and with the EU as a major trading partner, a significant number of organisations in Singapore are required to make changes in order to comply with the new legislation. Fortunately, the changes that organisations are required to make could also indirectly benefit the residents here.
Consumers have better control over personal data
In Singapore, consumers’ personal data is protected by the Personal Data Protection Act (PDPA). One of the main differences between the GDPR and PDPA is the amount of control consumers are able to exercise over organisations who collect their data. Under the GDPR, consumers will have the right “to be forgotten” and request for the deletion or removal of their personal data from company records at any time. In order to abide by the GDPR, organisations will not be allowed to retain personal information beyond the stated purpose for which they obtained the data. The removal of “implied consent” and “opt out” models of marketing will give individuals additional reassurance on the security of their personal information as companies must ensure data is purged in a timely manner. Consumers can also request for a copy of their data organisations hold, at no additional charge, which means any processing costs will have to be borne by the organisation.
How to be GDPR compliant
Being GDPR compliant not only protects your organisation from hefty penalties, but it also enhances trust and goodwill with existing and potential consumers. Here are some ways you can be compliant:
- Practice data minimisation – Data minimisation is a principle which states that collected and processed data should not be held or further used unless it is for a specific reason. Data minimisation also serves as the best practice with maintaining customer trust and reducing the risk of unauthorised access.
- Implement sound policies – Such policies should be established to provide an additional layer of checks and balances. This is to watch for, and prevent, possible human error. These additional checks should also ensure the strict adherence to standard operating procedures and serve as an extra line of defence.
- Appoint a Data Protection Officer (DPO) – As part of the being GDPR and PDPA compliant, organisations in Singapore are required to appoint a DPO. The DPO oversees an organisation’s data protection responsibilities and ensures compliance.
Practicing good data protection habits should be done by everyone in an organisation. Organisations can do so by implementing simple security policies such as Shred-it All Policy, Clean Desk Policy and by putting up Security Reminder Posters for their staff. The secure disposal of sensitive hardcopy documents and hard-drives can reduce the risks of an information breach.
Start Protecting Your Business
Learn more about how Shred-it can protect your documents and hard-drives by contacting us for a free quote and security risk assessment.
 SGSME. 2017. Is Singapore ready as the GDPR deadline draws near?. [ONLINE] Available at http://www.sgsme.sg/news/singapore-ready-gdpr-deadline-draws-near. [Accessed 29 March 2018].