Demonstrating accountable data protection practices.
Singapore-based insurance company, Great Eastern Life has backed its digitalisation strategy with the Data Protection Trustmark (DPTM) and APEC Cross Border Privacy Rules (CBPR) certifications.
The Infocomm Media Development Authority (IMDA) Data Protection Trustmark (DPTM) is a voluntary enterprise-wide certification that recognises organisations with accountable data protection practices. The APEC Cross Border Privacy Rules (“CBPR”) and Privacy Recognition for Processors (“PRP”) Systems are accountability-based and enforceable certifications developed by APEC economies to build consumer, business and regulator trust in cross border flows of personal data. The APEC CBPR and PRP Systems establish a harmonised set of data protection standards consistent with the APEC Privacy Framework, bridging differing national privacy laws to facilitate trusted data transfers across borders.
The value of the certifications for the insurance company is further emphasised with the growing importance of cross-border data sharing to support business activities in Malaysia and Indonesia.
Commitment from the Heart
With over 1.8 million customers, 5,000 financial representatives and 1,500 employees, Great Eastern Life has a strong tradition of emphasising the need to safeguard the personal data of its customers and internal stakeholders. In early 2020, Great Eastern launched the Great Digital Advantage, a first-in-market digital platform aimed at enhancing agency capabilities and productivity while meeting the evolving needs of consumers today. A core component is GreatAdvice, an interactive financial planning tool with a dynamic life storyboard that is personalised for every customer. This provides a more engaging experience and makes it easier for customers to understand and map out their financial plan and solutions. Advertorial The Prestige Suite and new office facilities at Paya Lebar Quarter Planning for life in the age of disruption The road to lifelong learning Besides digital tools, Great Eastern focuses on training programmes that help its multi-generational workforce upskill and reskill. “The role of our financial representatives has evolved over the years, and they face new demands and challenges”, adds Mr Ben Tan, Great Eastern’s Managing Director of Regional Agency and Financial Advisers. “Our priority is to set up our new financial representatives for success. We continue to invest heavily in training and facilities to ensure they can deliver best in class financial planning and client servicing solutions to grow their career with us.” One such tailored programme that will soon be launched is Prestige Partners, targeted at financial representatives who service affluent consumers. Representatives will receive comprehensive training in areas such as legacy and estate planning, business advisory and wills and trust. In addition, they will also undergo specialised training in partnership with Nanyang Technological University’s Wealth Management Institute. For Great Eastern agency leaders, a dedicated programme is in place for them to receive Level 3 IBF (The Institute of Banking and Finance Singapore) accreditation.
To strengthen the data protection culture within Great Eastern Life, the company made onboarding training and annual refresher training mandatory for all staff and financial representatives—equipping them with knowledge on the Personal Data Protection Act (PDPA) and their obligations. Until today, regular circulars on data protection topics are also sent across the company to reiterate the importance of safeguarding their customers’ personal data in the digital age, said Kathleen Tay head of group data management and governance at Great Eastern Life.
“Data protection is a journey and we continue to look at ways to further strengthen our processes and to safeguard our data,” she said.
Road to Accountability
When DPTM and APEC CBPR certifications were first introduced in 2019, the senior management and staff of Great Eastern Life alike quickly saw the value in obtaining both certifications to assure its customers, business partners and stakeholders that the company takes data protection seriously.
To prepare for the assessment, an internal review was conducted where all business units performed a self-assessment of their policies and procedures to ensure compliance to the DPTM and APEC CBPR requirements, noted Tay.
Great Eastern Life’s preparations paid off, resulting in a smooth assessment with only a few suggested improvements to strengthen the company’s data protection policies.
“The business units were prepared and responded to the assessor’s queries with their deep knowledge on data protection and supporting documents promptly. We also took advantage of the integrated assessment to obtain both DPTM and APEC CBPR certifications at one go, saving us time and effort.”
The unforeseen COVID-19 pandemic and resulting delays did not dampen Great Eastern Life’s road to secure the certifications. By September 2020, the company was finally awarded the DPTM and APEC CBPR certifications.
From Good to Best Practices
Since then, the certifications have reinforced Great Eastern Life’s data protection regime. For instance, the company enhanced its PDPA contractual clauses within vendor agreements involving personal data, ensuring that its vendors adopt the same standard when handling personal data belonging to Great Eastern Life. It also saw the importance of maintaining up-to-date documentation of existing workflows and found the sharing of best practices by the assessor to be very useful.
As the cross border personal data transfer increases, the CBPR certification also allows Great Eastern Life to transfer data across borders easily and assures multi-national companies that the company is handling their personal data with utmost care. Moreover, the CBPR certification provides assurance to the regulators of countries where the Great Eastern group of entities operate in that personal data held by the group is properly protected.
With rising digitalisation and the growing adoption of cloud technology across businesses, data flows are expected to be seamless even beyond physical borders. Thus, it is imperative for the organisations particularly in the finance and insurance sector like Great Eastern Life, to provide continuous confidence to their stakeholders that the personal data they hold is appropriately safeguarded.