PDPA is Essential for the Digital Economy - Young Technology Consulting

Many countries have enacted personal data protection laws and stepped up enforcement. These laws are essential for the healthy development of the digital economy where data is the new currency. With the many data breaches and notorious data abuse cases as backdrop, the needs for personal data protection law are getting more urgent and essential.

The EU has taken the lead with its comprehensive and stringent laws, General Data Protection Regulations (GDPR), which took effect in May 2018.

Singapore has enacted the PDPA in 2012 and enforcement from 2014. Over the years, the Personal Data Protection Commission (PDPC) has built up its enforcement capability. However, despite the fact that enforcement cases have grown and publicized in the newspapers, many companies are still oblivious to the PDPA. Many breaches were avoidable.

In the other ASEAN countries, the Philippines enacted PDPA in 2012 and started enforcement from 2016. Its National Privacy Commission (NPC) has been quite active lately in enforcement actions. Malaysia has its PDPA since 2010. It has not been actively enforced and is slated for a review to keep up with the time. Thailand has just published its PDPA in May 2019 which will come into force from May 2020 onwards. Indonesia, in the mean time, is in the process of drafting a law.

China issued a Personal Information Security Specification (PISS) in May 2018 following its cybersecurity law in 2017. PISS is not a law but a guideline. News from the vineyards that it will publish a personal data privacy law in 2020.

Companies will need to understand and implement policies and processes to comply with GDPR and PDPA in different countries.

Watch this space, we will have regular updates and provide guidelines to help businesses and their appointed Data Protection Officer (DPO) to navigate through this uncharted water

*******

Young Technology Consulting is based in Singapore. We specialize in data privacy and protection practices. We advise and help businesses to implement systems, policies, and processes to comply with GDPR and PDPA in ASEAN and China.