What has a privacy regulation from the ever-bureaucratic European Union (EU) got to do with Singapore companies?
Like it or not, its long arm extends beyond borders and could threaten to penalise those that do not handle the private data of European citizens and residents with enough care.
And whether they wish to argue if it is over-reaching, organisations around the world – including those in Singapore – are worried about not meeting the new requirements, according to a study by data management vendor Veritas Technologies released today.
It found that 92 per cent of organisations surveyed in Singapore were concerned about not complying with the EU’s General Data Protection Regulation (GDPR) when it takes effect in May 2018. Globally, 86 per cent are worried about the fallout, it added.
The insight comes from more than 900 senior business decision makers across Europe, the United States and Asia-Pacific. The impact, they fear, could include damage to their brand image and even job losses.
That’s besides the fine that their organisations could face, should they not manage the data of EU consumers carefully. This goes up to as much as US$21 million or four per cent of annual turnover, whichever is greater.
The GDPR promises to unify European data protection requirements and make it easier for businesses to comply. For example, they will have to ensure that they know where personal data is stored, who has access to it and who has recently handled it. In other words, a proper process and audit trail.
However, it has been criticised for jusridictional over-reach and its effect on innovation. In Singapore, many businesses that deal with EU consumers or employees will have to comply or risk running afoul of the regulations.
An online store here, for example, which sells to global customers including those from the EU will have to handle their personal data according to the new regulations. And a company here that hires citizens or residents from the EU has to do the same.
Veritas’ country manager for Singapore, Sheena Chin, told Techgoondu that a lot of companies here are aware of GDPR and studying how it would impact them.
“Certainly, they don’t want to get into an unnecessary situation where they will be exposed (to the penalties),” she said.
To improve information governance, she pointed to orphaned data – say, files that are left behind when people leave a company – as one area to start with.
Another area is preventing data loss, which is having policies and processes in place, as well as enforcement, to prevent data from being removed by unauthorised users.
Of course, the Veritas has a vested interest in bringing up the issue of compliance. It provides software and services to help large organisations manage a growing mountain of data as storage has become so cheap in recent years.
Yet, it is a real challenge for these organisations to keep track and make sense of all that data, including so much that is unstructured, useless and could potentially become costly if exposed in future.
Chin said there may be stop-gap solutions, for example, for an online store block out EU customers while it fixes its data governance issues.
However, with governments around the world tightening up on data protection for consumers, the risk of exposure is driving many organisations to make sure they comply with any regulations that may adversely impact them, she added.