Why the GDPR will affect businesses across Asia-Pacific

The EU's General Data Protection Regulation will take effect on May 25. Here's what Asian organisations should know.

Ahead of the implementation of the General Data Protection Regulation (GDPR) on May 25 across European Union (EU) countries, a new whitepaper has found that businesses in Asia-Pacific will also be affected by the ruling.

For those unfamiliar with the measure, the GDPR is a new legislation adopted by the European Parliament and council to bring greater strength and consistency to those residing in EU countries regarding their personal data.

Who will be affected?

Organisations based in Asia-Pacific impacted by the new legislation include businesses with branches in the EU, organisations offering services to or employing those who reside in the EU, and anyone who handles, processes or stores data of EU residents or has equipment such as their servers located in the EU.

In Singapore, for example, some 1.8 million tourists from the EU visited the country in 2017, and as a top trading partner of Singapore, a significant number of organisations are likely required to put measures in place to comply with this new legislation.

Organisations will require an overhaul of their existing data governance and management policies, involving in-depth changes to current workflows and technology.

But data protection company Shred-It Singapore, which produced the whitepaper, found that small and medium organisations in Singapore are less likely to be prepared to comply with the GDPR than multinationals.

Many multinational corporations would have sounded their alarm bells months in advance and implemented processes to ensure that they are compliant. Smaller entities would have been doing the exact opposite, the study revealed.

Believing that their impact is too small to matter in the grand scheme of things, small and medium business owners may prioritise day-to-day operations and neglect implementing data protection protocols. With their customer’s personal data left unprotected, these companies are more likely to suffer a data breach and eventually be fined by the ever vigilant Personal Data Protection Commission (PDPC).

Moreover, if smaller companies provide services to individuals living in the EU, they would most likely possess the personal data of EU residents and be subject to GDPR ruling.

Legal implications

Under the GDPR, consumers will have the right “to be forgotten” and request for the deletion or removal of their personal data from company records at any time. Organisations will not be allowed to retain personal information beyond the stated purpose for which they obtained the data.

In the event of a data breach, organisations need to notify their data subjects within 72 hours of the discovery of the breach. The removal of “implied consent” and “opt out” models of marketing will give individuals additional reassurance on the security of their personal information as organisations must ensure data is purged in a timely manner.

“With potential fines of the higher of 20 million Euros – that’s about S$32 million! – and 4% of global turnover, the GDPR will become the global standard for data protection for any organisation with an international outlook,” says Singapore-based lawyer Lyn Boxall.

Duncan Brown, General Manager Singapore & Regional Market Development EMEA/APAC at Shred-it strongly encourages that small and medium enterprises “review their data protection practices immediately and implement new ones to become GDPR compliant”.

Click here for more HR Technology News Click here for more Leadership News Click here for more Learning and Development News
Double incentives in HRM Asia's Digital Learning research
HRM Asia - 19 Jun 2018
Participate in the highly-anticipated Thriving in a World of Digital Learning study with one click from this story!
HRM Asia’s digital learning research now underway
HRM Asia - 12 Jun 2018
The Thriving in a World of Digital Learning survey kickstarted on Friday last week, with significant interest across the HR community in Singapore.
Employee monitoring: Considerations for HR
Kelvin Ong - 11 Jun 2018
While workforce analytics has benefitted HR, concerns surrounding data privacy and security are growing.
A step-by-step guide to building a culture of innovation
HRM Asia - 04 Jun 2018
There are no sure-fire ways to achieving a culture of innovation, but here are some tips businesses should consider.
Digital learning survey with academic backing
- 04 Jun 2018
Get ready to participate in a ground-breaking benchmarking study of digital learning in Singapore
Deutsche Bank embarks on "thorough" layoff exercise
Kelvin Ong - 25 May 2018
CEO Christian Sewing says the company will drop from its current headcount of 97,000 to "well below 90,000" by 2019.