Compliance in the ASEAN context: the cost, challenges, and solutions
Every organisation operating in an ASEAN member country today must comply with the data protection policies laid out to protect everyone’s personal data. With enterprises and consumers digitalising at a fast pace, such compliance can be a challenge, since not all companies, big or small, are on an equal footing in finances and other factors when it comes to solving every identifiable challenge.
With cybersecurity threats looming and a growing number of incidents in which organisations fall prey, is your organisation ready to face the challenges of compliance? This was tackled by Privacy Ninja’s very own Master DPO, Sanjeev Gathani, when he spoke at the Risk Beyond 2022 conference in Bali, Indonesia.
5 Challenges of today towards compliance
Sanjeev shared that organisations today face 5 challenges that hinder compliance in the ASEAN context:
1. Uncertainty in the marketplace
The market is volatile, and with the pandemic hurting every organisation’s operations, it is more shaky than stable. Compliance requires funds, and it is an extra burden that some organisations opt not to take on anymore.
2. Talent crunch for cybersecurity professionals
For better cybersecurity, hiring cybersecurity professionals as part of your team is good practice. This is because, in case of a breach, your organisation and employees will be able to respond to mitigate the damage quickly.
However, few cybersecurity professionals are available in the market relative to demand. You need to nurture one, which drives up the cost of training and monthly wages. (To this end, outsourcing the requirements to a trusted partner is a plus!) Aside from this, there’s also the risk of the employee leaving the company for a more competitive salary.
3. Technological advancement (use of Artificial Intelligence)
While it is true that there are tools that organisations can use to strengthen compliance with data protection policies, such as Artificial Intelligence, the fact remains that not all companies have access to them.
4. Privacy and security in the new world
The pandemic forced every organisation to arrange for employees to work from the comfort of their homes. These employees no longer needed to commute to their workplaces and sit at their desks; they could continue working remotely.
However, this move brought problems for the organisation’s privacy and security, either through human-related errors or a lack of safeguards to provide safe access to the company’s cloud, servers, and systems. As a result, compliance in the ASEAN context became challenging, as the new world is still being navigated for the protection of everyone. There are still a lot of uncertainties that need to be acknowledged by the governing body of data protection and the organisation itself.
5. Significant rise in compliance costs
The rising compliance cost is the biggest roadblock for every organisation, especially for Small to Medium Enterprises. According to Sanjeev, the threat of cyberattacks and the introduction of privacy laws across different jurisdictions alone also add to the cost of compliance.
With this, not all organisations can keep up with the demands of compliance and risk their cybersecurity by being vulnerable to bad actors who are lurking and searching for their next victim. Hence, Sanjeev laid down five actions to reduce such compliance costs.
5 actions to reduce compliance costs
According to Sanjeev, the following are the ways or actions to reduce the compliance costs that organisations are facing right now:
- Hiring compliance ambassadors
- Quantifying compliance risks
- Conducting self-control testing
- Implementing smart controls and procedures
- Conducting cost reduction plans as compliance obligations
Organisations must remember the cost of non-compliance versus that of compliance and make a decision. It is about doing the right thing when no one is watching and ensuring that all understand that compliance is everyone’s problem and not just that of the compliance department.
While the cost of compliance is fleeting, every organisation should remember that in case of a breach, it is not just the financial penalty that the organisation must face. It also includes the organisation’s besmirched reputation and the customers’ lost trust in giving their valuable personal data.
Compliance is needed for every organisation, big or small. Aside from the fact that it is mandatory, it would cost the organisation more if it opts not to comply. This is because when there is a successful breach, the organisation could halt business operations, lose potential clients who only surrender their personal data to trusted ones, and pay as much as S$1,000,000 as a financial penalty.
Hiring a DPO is mandatory and must be complied with by all organisations. In a decided case of the Personal Data Protection Commission of Singapore, it held that failure to appoint one is a breach of Singapore’s Personal Data Protection Act which could lead to a hefty financial penalty.
While it is true that it is a challenge to hire your own DPO, there are outsourced DPOs in the market, like Privacy Ninja, that you can hire at a reasonable price. With this, you no longer have to worry about the staggering cost of complying with this requirement, as outsourcing is already available to you.
Don’t wait any longer to ensure your organisation is PDPA compliant. Take our free 3-minute self-audit checklist now, the same “secret weapon” used by our clients to keep them on track. Upon completion, we will send you the results so you can take the necessary action to protect your customers’ data. Complete the free assessment checklist today and take the first step towards protecting your customers’ personal data. https://bit.ly/pdpa_compliance