The pandemic boosts digital economy but data protection must take priority for businesses.
The Personal Data Protection Commission (PDPC) Singapore wants to help businesses use data responsibly to grow businesses, compete well, and to develop new products and services.
The PDPC was amended to do just that. As of February this year, the PDPA requirements were clarified and it introduced new exceptions that businesses can use to perform research, streamline business operations, and well as perform other legitimate uses.
Lew Chuen Hong commissioner at the PDPC said it planned to provide more real examples for companies to learn from and to develop case studies and templates, so that businesses can learn how to responsibly innovate and develop new services, and we welcome all businesses to take part in this journey.
Data breaches can be prevented
At the same time, better use of data also requires more emphasis to do so responsibly and to protect that data. The PDPA was also amended to make that much clearer. With mandatory notifications as well as enhanced penalties, the aim was to ensure companies do remain accountable for the data that they use.
“Over the past years, the PDPC has investigated more than 600 cases and issued more than 100 decisions,” said the Commissioner. “Many of these cases could have been prevented. In recent years, we have seen increasing amounts of issues related to ICT management and the failures to do so at that level.”
The PDPC has identified the most common ICT gaps, as well as the corresponding good practices that organisations should put in place,” he noted.
“We will be sharing more of these and how you can guard against these common types of data breaches as you perform your businesses,” he said.
Establishing trust in global data flows
Looking beyond Singapore, the digital economy is one without boundary constraints. Cross border data flows are important to support global digital trade and e-commerce. The legislative frameworks on data protection vary with different countries, and at times this makes it challenging for businesses to do data transfers.
“To ensure personal data can flow smoothly across borders, the PDPC is focused on building interoperability in data protection regulations through common standards and mechanisms,” noted the Commissioner. “The predominant transfer mechanism in use around the world is contractual clauses, as they are the most flexible and recognised under all data protection systems.”
Within ASEAN, Singapore plays an active role in capacity building and we have developed common mechanisms such as the ASEAN Model Contractual Clauses (MCCs) which perform this function.
This is an important effort as the economies in ASEAN have many inter-dependencies, and the convergence of data protection laws will enable better cross border transfers of data by all the companies, said the Commissioner.