Is Singapore ready as the GDPR deadline draws near?

AS Singapore works towards becoming a Smart Nation, it is important to strike a balance between leveraging Big Data to transform the economy and data privacy. On the business front, data relating to individual behaviours and preferences have translated into a competitive advantage for many organisations. However, while many organisations have recognised the value of data as the new fuel for growth, not all are well prepared for the fast-evolving data regulation landscape, both locally and across the globe.

In recent months, Singapore's Personal Data Protection Commission (PDPC) proposed a revision to the existing Personal Data Protection Act (PDPA), which will require organisations to inform customers of personal data breaches as soon as they are discovered. Organisations must also report the breach within 72 hours. This will add to the existing PDPA which comprises various rules governing the collection, use, disclosure and care of personal data in Singapore. Rapid advances in technologies - such as the ability of devices to seamlessly collect and transmit personal data across networks - present challenges for consent-based approaches to personal data protection. It is critical for organisations to be mindful that the proposed review will potentially impact their organisations if they process personal data for internal use or on behalf of another organisation.

Adopted in April 2016, the General Data Protection Regulation (GDPR) requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The new regulation, which will take effect from May 25, 2018, will include an overview of where and how personal data - including credit card details, banking and health records - is stored and transferred.