sdecoret - stock.adobe.com

New industry network to bolster data protection in ASEAN

The Data Protection Excellence network will assist organisations and individuals new to data protection laws by providing hands-on training and professional certification courses

This article can also be found in the Premium Editorial Download: CW ASEAN: CW ASEAN: Unlock flash opportunities

A group of universities, certification bodies, law firms and data protection experts have banded together to form an industry network that hopes to shore up the data protection capabilities of organisations in Southeast Asia.

The first of its kind in the region, the Data Protection Excellence (Dpex) network will assist organisations and individuals new to data protection laws by providing hands-on training and professional certification courses.

Spearheaded by data protection consultancy Straits Interactive and Singapore Management University (SMU), it will also promote sharing of best practices and research in data protection and operational compliance across the region.

The formation of the Dpex network comes at a time when demand for data protection expertise is growing.

According to the International Association of Privacy Professionals (IAPP), more than 28,000 data protection officers (DPOs) will be needed in the European Union, and as many as 75,000 around the globe as a result of the General Data Protection Regulation (GDPR).

With DPOs being a mandatory requirement in Singapore and in the Philippines, research by Straits Interactive has shown that more than 10,000 data protection professionals will be needed in Singapore alone in the next three years.

Singapore, along with neighbouring Malaysia and the Philippines, are already enforcing local data protection laws, while Indonesia and Thailand are expected to follow suit by the end of 2018.

Read more about data protection in APAC

  • Singapore is reviewing its personal data protection laws to keep up with the changing technology landscape, such as growing adoption of the internet of things where seeking consent from consumers for the collection and use of personal data may not be practical.
  • Faced with the double whammy of complying with Australia’s upcoming data breach notification requirement and Europe’s new data protection regime, Australian firms are behind where they need to be in their compliance efforts.
  • Singapore organisations are among the least prepared in the world for GDPR, which imposes restrictions on any organisation that deals with the personal data of EU residents.
  • Australia has introduced a communications data retention law along the same lines proposed for UK legislation, despite opposition from citizens.

In Singapore, current and aspiring DPOs can take up two new SMU advanced certificate courses, leading to an advanced diploma in data protection and the Professional Conversion Programme (PCP) for DPOs.

The advanced certificates, which cover data protection principles and operational requirements of data protection laws in ASEAN, Greater China and the European Union, are targeted at non-legal professionals interested in data privacy and protection.

Through the PCP, those training to become DPOs are also matched with employers participating in the same programme, thus lowering the cost of hiring data protection staff, particularly for small and medium-sized enterprises.

Lim Lai Cheng, executive director of SMU Academy, the professional training arm of SMU, said the institution had been partnering the industry and tuning in to the needs of various sectors and areas, such as data protection.

“We see a big potential here, having successfully trained close to 500 undergraduates and individuals in our hands-on data protection officer course thus far, as part of our professional continuing education programme,” she added.

Straits Interactive CEO Kevin Shepherdson said such training initiatives would help to “professionalise the role of the data protection officer, training individuals to attain international certification standards and making a concrete contribution to meeting the demand for data protection expertise in Singapore as well as in the ASEAN region”.

Besides Straits Interactive and SMU, other Dpex members include the Islamic University of Malaysia, Indonesian information security specialist Xynexis, the IAPP, Dutch certification body Exin, the Open Compliance Ethic Group, European legal publisher Lexxion, European Institute of Technology Science Centre Foundation, as well as legal firms Lyn Boxall and FMH Law.

Read more on Data protection regulations and compliance