Why the GDPR will affect businesses across Asia-Pacific

The EU's General Data Protection Regulation will take effect on May 25. Here's what Asian organisations should know.

Ahead of the implementation of the General Data Protection Regulation (GDPR) on May 25 across European Union (EU) countries, a new whitepaper has found that businesses in Asia-Pacific will also be affected by the ruling.

For those unfamiliar with the measure, the GDPR is a new legislation adopted by the European Parliament and council to bring greater strength and consistency to those residing in EU countries regarding their personal data.

Who will be affected?

Organisations based in Asia-Pacific impacted by the new legislation include businesses with branches in the EU, organisations offering services to or employing those who reside in the EU, and anyone who handles, processes or stores data of EU residents or has equipment such as their servers located in the EU.

In Singapore, for example, some 1.8 million tourists from the EU visited the country in 2017, and as a top trading partner of Singapore, a significant number of organisations are likely required to put measures in place to comply with this new legislation.

Organisations will require an overhaul of their existing data governance and management policies, involving in-depth changes to current workflows and technology.

But data protection company Shred-It Singapore, which produced the whitepaper, found that small and medium organisations in Singapore are less likely to be prepared to comply with the GDPR than multinationals.

Many multinational corporations would have sounded their alarm bells months in advance and implemented processes to ensure that they are compliant. Smaller entities would have been doing the exact opposite, the study revealed.

Believing that their impact is too small to matter in the grand scheme of things, small and medium business owners may prioritise day-to-day operations and neglect implementing data protection protocols. With their customer’s personal data left unprotected, these companies are more likely to suffer a data breach and eventually be fined by the ever vigilant Personal Data Protection Commission (PDPC).

Moreover, if smaller companies provide services to individuals living in the EU, they would most likely possess the personal data of EU residents and be subject to GDPR ruling.

Legal implications

Under the GDPR, consumers will have the right “to be forgotten” and request for the deletion or removal of their personal data from company records at any time. Organisations will not be allowed to retain personal information beyond the stated purpose for which they obtained the data.

In the event of a data breach, organisations need to notify their data subjects within 72 hours of the discovery of the breach. The removal of “implied consent” and “opt out” models of marketing will give individuals additional reassurance on the security of their personal information as organisations must ensure data is purged in a timely manner.

“With potential fines of the higher of 20 million Euros – that’s about S$32 million! – and 4% of global turnover, the GDPR will become the global standard for data protection for any organisation with an international outlook,” says Singapore-based lawyer Lyn Boxall.

Duncan Brown, General Manager Singapore & Regional Market Development EMEA/APAC at Shred-it strongly encourages that small and medium enterprises “review their data protection practices immediately and implement new ones to become GDPR compliant”.

Click here for more HR Technology News Click here for more Leadership News Click here for more Learning and Development News
70% of China's jobs likely to be replaced by robots
- 20 Sep 2018
Artificial intelligence (AI) is likely to replace about 70% of occupations in China in the future.
Chinese insurer Aviva-COFCO ventures into HR management space
- 18 Sep 2018
The company says that "the need to help organisations to be better prepared for a changing business environment has become greater than ever".
HR Job of the Week - September 14, 2018
HRM Asia - 14 Sep 2018
Among the opportunities listed on My HR Career this week, is this newly-created business partner role with an exciting startup in the Fintech space.
Infographic: The future workplace is digital
- 10 Sep 2018
A new global study reveals the benefits and potential in the digital workplace.
HRM Five: Data literacy
- 09 Sep 2018
In this week's HRM Five, we discuss how HR professionals can make sure they and their organisations don't get left behind in the data-driven future.
Business leaders anticipate AI will diversify human thinking
- 07 Sep 2018
A new study finds that many business leaders are optimistic about AI's impact on the future of work.