Data Security and Protection: The Time Is Now
Security around data privacy is an increasingly urgent priority for businesses, and the consequences of data breaches can be harsh. How can you ensure you stay compliant with regulations?
The Singtel data security seminar held on 27 March 2018 at the Singtel Comcentre saw a full turnout across various industries and different departments, from HR and sales decision-makers to IT users. “Drive your organisation towards data compliance and protection” was the theme, and David Foo, director of Virtual Team, led the 3-hour seminar.
Focusing on document and data protection, the inaugural seminar briefed attendees on the importance of complying with the evolving regulations surrounding data—personal, business and sensitive.
“Data privacy is not an option. It’s an obligation, not a choice,” said Mr Foo, also a certified data protection officer.
And when should you start? “Now,” he said.
Citing Singapore’s Personal Data Protection Act (PDPA) and the European Union’s General Data Protection Regulation (GDPR) that will come into force in May this year, Mr Foo warned of the heavy consequences that can follow in the event of breaches.
“If you breach the Singapore PDPA law, the fine can be up to a million dollars. For the GDPR, the consequences are worse. You can get fined 20 million euro, or 4% of your company’s annual revenue, whichever is higher,” he said, emphasising how financially crippling a data breach could be.
Two key elements for compliance
So how do you ensure your organisation is compliant with the regulations around data privacy and protection?
“The key is having a Data Protection Officer—because the law decrees each organisation has to have one now, together with a data privacy policy that governs your organisation. It’s a blueprint of sorts.
“It should illustrate the full flow diagram of how data is taken care of, from the moment it is created or collected from let’s say, the receptionist, all the way until it reaches the IT department. It should also answer these questions: how will the data be processed? Who will have access to it? How will you protect and retain it?
“And each set of data needs its own processing workflow. Together this will form your blueprint. That is what you need to have,” Mr Foo said.
Leverage Microsoft 365 for data protection
But even having this blueprint in place is not enough to ensure compliance with data protection regulations at all times. “People are the weakest links. Often people don’t realise they are even breaching the law on data protection,” he said.
“The responsibility for compliance might lie with the DPO, but the accountability belongs to everybody in the organisation. From the receptionist who protects visitors’ information from unauthorised parties, to the HR department who stores all employee details, and to the sales teams that might have confidential business or client information,” said Mr Foo.
On top of thorough training for employees so they understand what constitutes a data breach and how to prevent it, companies can also invest in tools to help them maintain compliance, such as Microsoft’s Office 365.
Office 365 is a tool that will help customers meet their compliance obligations when it comes to data protection and data privacy. Some of its beneficial features demonstrated by Mr Foo at the seminar include:
Labels to classify data, e.g. general, personal, credit card, etc.
Tracking of every document through the cloud – who has opened it and at what time
Ability to revoke access to a document remotely in the event that a possible data breach has been detected
The organisation and storage of data in the cloud to ensure they can be easily found later
“With Office 365, you have the ability to create data which then can be labelled and classified, set permissions for how documents are handled, take control and track documents (especially those with personal data and sensitive information), and ensure that your information is kept secure. This is the data protection lifecycle that ensures that from the moment data is created, stored, and used, information does not leak from your organisation,” Mr Foo said.
Positive views all around
The physical demonstration of the tool and its features at the seminar allowed attendees to see first-hand the benefits it could bring their organisations.
K Uthayaguru, senior IT manager of United BMEC, said: “The seminar addressed key concerns of mine. We distribute medical and rehabilitation devices to institutions such as hospitals, rehabilitation centres and sports institutions all over the region.
“We do have internal file sharing with policies and security in place, but with the current nature of our business, employees need to access data on the road. They do this with different software and services to store and share information internally and externally, which is an issue with security. With Office 365, it would really standardise all our processes to do with data.”
He said his company will look more into the tool and price plans before they purchase it, but he is convinced of its benefits.
Even for existing customers, the session was an eye-opener. Ace Centeno, Network & Systems Engineer of Manufacturing Integration Technology, a company that operates in Singapore, said: “The session has really been informative. With our current Office 365 subscription, we are glad that we can comply with the PDPA easily. After attending this session, I am now keen to explore how we can further tighten security with the additional add-ons offered by Office 365.”
Tan Kok Kheng, global IT director, DyStar Group said: “My company is a multinational corporation so we operate worldwide. PDPA and the GDPR both apply to us. The session really clarified how Office 365 is able to support and get us ready for both regulations by defining how the tool integrates with each level of privacy and protection within an organisation.”
The time is now
“The law is always changing and data privacy is growing. Start now while it’s evolving, so at least you can evolve with it. If you start later, it will just get harder and harder to keep up with the regulations. Office 365 can help you with this and mitigate risks of data breaches, so start the journey towards data privacy protection today.”
And why not begin this journey with Singtel?
“Singtel is one of Microsoft’s largest partners, and we put a lot of focus on data protection which we understand is a challenge that our customers are facing today,” said Othniel Liew, associate director, SaaS product management, Singtel group Enterprise.
“As a Microsoft Gold partner, we can accompany you not only in your digital transformation journey, but through the entire adoption of data protection. This is a journey that Singtel can walk together with you,” he said.
“We recognize that while many organisations have heard about the new data protection laws, there is a gap in their knowledge on these and what they mean to their business. We also recognize that data protection requires a change in mindset and behaviour, which is why Singtel takes a four-step approach of educate, discover, implement and change.
“At every step, Singtel brings expert knowledge to our customers to effect awareness, implementation and successful change management,” Mr Liew said.
With the overwhelmingly positive feedback following the seminar, Singtel hopes to organise further sessions with a similar focus on data protection and privacy.