Data Protection Trends and the Role of a Data Protection Officer

The COVID-19 pandemic has undoubtedly transformed the landscape of the economy and sped up the digitisation process. Unfortunately, the shrinking market and recession have caused many people to lose their livelihood. To survive, many businesses have embraced digital solutions and online transactions.

In the rush to digitalise their business, many might overlook integrating data protection aspects into their operational controls. Fortunately, the Advanced Certificate in Data Protection Operational Excellence is now being offered to give people a better understanding of the legal and data protection requirements in Asia.

The Advanced Certificate in Data Protection Operational Excellence will be awarded to participants upon completion of six modules. Aside from employees who want a more thorough understanding of data protection requirements, it is also ideal for data protection officers, privacy officers, and other personnel with data protection responsibilities.

Nowadays, hackers as well as other malicious agents are just waiting for an opportunity to steal employee or customer data from businesses. This paved the way for a career that is quietly but surely on the rise: data protection officer (DPO).

Tasks of a Data Protection Officer

The tasks of DPOs can be summarised by the acronym GAPSR (govern, assess, protect, sustain, and respond).

Primarily, a data protection officer's task is to help the organisation govern how personal data is used, disclosed, collected, or stored, based on the requirements of the Personal Data Protection Act and other relevant data protection laws.

From an operational perspective, the following are the main responsibilities of a data protection officer:

  1. Assess any risks that are related to the processing of personal data. This includes conducting a data protection impact assessment or DPIA.
  2. Protect the organisation by creating a data protection management programme against identified risks. This can include the implementation of processes and policies for handling personal data.
  3. Sustain the compliance efforts above by communicating personal data protection policies to the stakeholders. This includes performing audits, training, and ensuring the ongoing monitoring of risks.
  4. Respond to and manage personal data protection complaints and queries, and liaise with local and international data protection regulators on data protection matters. This is especially important if there is a data protection breach.

Under the Personal Data Protection Act (PDPA) of Singapore, each organisation is required by law to assign at least one individual as a data protection officer. All firms in Singapore also need to ensure that personal data of internal and external stakeholders (i.e., employee and customer data) is protected.

In the PDPA, the DPO role is defined as an individual who is assigned to oversee the data protection responsibilities within an organisation and ensure compliance with the law.

Many countries in ASEAN have now started to enact laws that safeguard personal data. This is in response to the requirements that are set by more mature markets. Many are modelled after the European Union, which enforces the General Data Protection Regulation (GDPR).

The regulation stipulates that a DPO has an enterprise security leadership role that requires them to assist the organisation in monitoring internal compliance. Data protection officers will also provide information and advice on data protection obligations as well as advice regarding Data Protection Impact Assessments (DPIAs).

Data protection officers will also function as a contact point for the supervisory authority and data subjects.