Are You Ready for GDPR?


At more than $125 million worth of exports, the EU is ASEAN’s second largest trading partner after China.

Though the General Data Protection Regulation (GDPR) only comes into force on May 25, 2018, regionally based businesses should not be too quick to dismiss the regulations as irrelevant to their operations.

The GDPR stipulates rules and penalties compelling businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The new regulations include an overview of where and how personal data - including credit card details, banking and health records - are stored and transferred.

According to a Veritas [1] report on GDPR, 56 per cent of Singapore companies are concerned they will not meet the new EU requirements, and only 18 per cent feel confident they are GDPR-compliant. More than a third of those surveyed don’t have the right technology in place to cope with GDPR compliance.

With just four months to go before the rules take effect, organisations should look to establish a clearly defined governance strategy and be aware of the prosecution risks for violating GDPR. Non-compliant companies can expect huge penalties of up to four per cent of global turnover or 20 million euros, whichever is greater.

But it doesn’t end with penalties. Being non-compliant will have a damaging impact on the company’s reputation and brand, lead to higher compliance costs and loss of customers if the GDPR governing authorities go public about the violations.

If your organisation is trading with the EU, here are several steps to start your compliance journey today. 

Set Up A Taskforce

You must set up a cross-discipline team to manage the GDPR compliance process. This is a wide-ranging effort that should include IT, legal and marketing teams as well as board-level sponsorship. If your organisation lacks the expertise or confidence to undertake the process, consider external consultants for help.

Audit Your Data

Build a data map to establish where personal data is stored, access rights, data retention policies, and where the data is moved as it is processed during transactions. This is critical so you can determine where the data resides at any point.

Subject Access Request

If your organisation is trading with the EU, residents of member states can request to correct, delete and port all their personal data with a Subject Access Request (SAR). The SAR ensures EU citizens have full visibility into how their personal data is managed. Full GDPR compliance requires the capacity to service these requests in a timely manner to avoid penalties.

Reduce

A key provision of GDPR is to reduce the overall amount of stored personal data. Data retention policies must provide for automatic expiration once the transaction is over and the personal data has exhausted its original purpose.

Secure the Data

Seeking the assistance of an advisory service is essential to demonstrate your organisation’s capacity to integrate data protection into all data collection and processing activities. Advice in the areas of knowledge transfer, global legal compliance and addressing privacy laws pertaining to GDPR will be critical.

Real-time Monitoring and Reporting

GDPR requires companies to investigate and report data breaches to the supervisory authority within 72 hours, and even to the individuals affected. While this does not apply to all types of breaches, your organisation should have sufficient monitoring capacity for possible breaches that will quickly trigger reporting procedures.

Taken together, these best practices will assist organisations to comply with GDPR and set in place robust data management protocols to ensure they are on the right side of the law. Following these steps now reduces the risk of a data breach and protects your organisation from huge fines and considerable reputational damage.

Get advice on GDPR compliance or data protection concerns today.

[1] The Veritas 2017 GDPR Report
