Why the GDPR will affect businesses across Asia-Pacific

The EU's General Data Protection Regulation will take effect on May 25. Here's what Asian organisations should know.

Ahead of the implementation of the General Data Protection Regulation (GDPR) on May 25 across European Union (EU) countries, a new whitepaper has found that businesses in Asia-Pacific will also be affected by the ruling.

For those unfamiliar with the measure, the GDPR is a new legislation adopted by the European Parliament and council to bring greater strength and consistency to those residing in EU countries regarding their personal data.

Who will be affected?

Organisations based in Asia-Pacific impacted by the new legislation include businesses with branches in the EU, organisations offering services to or employing those who reside in the EU, and anyone who handles, processes or stores data of EU residents or has equipment such as their servers located in the EU.

In Singapore, for example, some 1.8 million tourists from the EU visited the country in 2017, and as a top trading partner of Singapore, a significant number of organisations are likely required to put measures in place to comply with this new legislation.

Organisations will require an overhaul of their existing data governance and management policies, involving in-depth changes to current workflows and technology.

But data protection company Shred-It Singapore, which produced the whitepaper, found that small and medium organisations in Singapore are less likely to be prepared to comply with the GDPR than multinationals.

Many multinational corporations would have sounded their alarm bells months in advance and implemented processes to ensure that they are compliant. Smaller entities would have been doing the exact opposite, the study revealed.

Believing that their impact is too small to matter in the grand scheme of things, small and medium business owners may prioritise day-to-day operations and neglect implementing data protection protocols. With their customer’s personal data left unprotected, these companies are more likely to suffer a data breach and eventually be fined by the ever vigilant Personal Data Protection Commission (PDPC).

Moreover, if smaller companies provide services to individuals living in the EU, they would most likely possess the personal data of EU residents and be subject to GDPR ruling.

Legal implications

Under the GDPR, consumers will have the right “to be forgotten” and request for the deletion or removal of their personal data from company records at any time. Organisations will not be allowed to retain personal information beyond the stated purpose for which they obtained the data.

In the event of a data breach, organisations need to notify their data subjects within 72 hours of the discovery of the breach. The removal of “implied consent” and “opt out” models of marketing will give individuals additional reassurance on the security of their personal information as organisations must ensure data is purged in a timely manner.

“With potential fines of the higher of 20 million Euros – that’s about S$32 million! – and 4% of global turnover, the GDPR will become the global standard for data protection for any organisation with an international outlook,” says Singapore-based lawyer Lyn Boxall.

Duncan Brown, General Manager Singapore & Regional Market Development EMEA/APAC at Shred-it strongly encourages that small and medium enterprises “review their data protection practices immediately and implement new ones to become GDPR compliant”.

Click here for more HR Technology News Click here for more Leadership News Click here for more Learning and Development News
Will blockchain bring back data ownership to individuals?
HRM Asia - 31 Jul 2018
Blockchain may pave the road to a future where large-scale cyber breaches could be a thing of the past.
Asia's biggest HR and Technology Conference unveiled
- 02 Aug 2018
HR Festival Asia will combine the global expertise of the US HR Technology Conference and Exposition, with the local knowledge and comprehensive coverage of HR Summit and Expo Asia.
Indonesia leads Southeast Asia in AI adoption
HRM Asia - 12 Jul 2018
The country is well ahead of Singapore, Malaysia, and Thailand, according to a new IDC report.
Six future banking roles, according to HSBC
Kelvin Ong - 05 Jul 2018
These six roles will rely on both human intelligence and technology to deliver the best customer experience.
The four pillars to building a future-ready workplace
- 28 Jun 2018
HR futurist Jason Averbook says technology is only a small part of the overall picture.
Double incentives in HRM Asia's Digital Learning research
HRM Asia - 19 Jun 2018
Participate in the highly-anticipated Thriving in a World of Digital Learning study with one click from this story!