PDPA stands for Personal Data Protection Act. The PDPA regulates the collection and processing of personal data in Singapore. It has been around for more than a decade now. The PDPA provides a set of guidelines for the various requirements governing the collection, use, disclosure and care of personal data in Singapore. The PDPA also comes with a hefty fine for non-compliance of up to SGD1 million or 10% of your annual revenue, whichever is higher.
What Does the PDPA Mean for You and Your Company?
If you are collecting and/or processing personal data, you will want to take a deep dive into the PDPA and understand your obligations. With the Data Protection Officer as the only role in a company mandated by law, the emphasis on safeguarding the personal data collected cannot be overstated.
Companies expose themselves to risk if they do not quickly get up to speed on their obligations and duties to protect personal data. The fallout of a data breach can be damaging. The fines imposed can heavily impact a company’s finances. In some cases, when a company cannot afford the fine imposed, it may be forced to shut down permanently.
The Noose is Tightening
We are not trying to sound overly dramatic, but the PDPA noose is tightening each day. If you are not addressing issues around the personal data you collect, the likelihood of PDPA non-compliance and a subsequent investigation increases each day. Below are three reasons why.
First, more and more people understand their rights with regard to their personal data. They understand the dos and don’ts of the regulations. Understanding their rights, they might inform the PDPA of any missteps.
Secondly, companies are fast becoming more porous. In the past, data could only move about within the corporate network. With USB drives and handheld devices entering the workplace, data can be easily copied and taken out of the office. Also, with online storage on the Internet, files and folders can be easily transferred out of the company’s network and onto the Internet.
Thirdly, the recent Covid outbreak does not help in protecting personal data. Instead, it makes a company even more porous and susceptible to a cyberattack. Before Covid, most of the workforce was working within the company’s network, behind the corporate firewall.
Post-Covid, people are now working from home, outside the corporate firewall. They have to connect to the network remotely. This remote working arrangement exposes remote users to attacks by cybercriminals.
Without proper policies, technology controls and cyber awareness training to manage employee actions, companies are setting themselves up for trouble.
We can help improve your cyber resilience and make you more compliant with the demands of the PDPA. Shall we have a conversation?