The EU General Data Protection Regulation (GDPR) expands the rights of EU residents to control how their personal information is collected and processed, and places a range of new obligations on organisations to be more accountable for data privacy and protection.
Do Asia-Pacific organisations need to comply?
The GDPR applies to any organisation collecting, storing or processing EU residents’ personal data, irrespective of the organisation’s location or where the data is processed.
Asia-Pacific companies with any connection to Europe – whether through subsidiaries, customers or suppliers – are likely affected.
Organisations should take steps to determine whether the GDPR is applicable, and then consider revising their information handling processes to ensure compliance.
In some cases, GDPR compliance can build on existing measures that many organisations adopt as a matter of good practice or to comply with national laws in Asia-Pacific.
For instance, in our recent blog post, The EU GDPR and the Singapore PDPA, we looked at how GDPR compliance can support compliance with Singapore’s Personal Data Protection Act 2012.
With the appropriate data protection compliance framework in place, not only will you be able to avoid significant fines and reputational damage but you will also be able to show customers that you are trustworthy and responsible, and derive added value from the data you hold.
GDPR compliance challenges
IT Governance’s GDPR Report 2017, which analysed data from more than 250 professionals worldwide, found that the primary challenge for organisations was a “lack of competence and expertise to implement the measures necessary to secure data and to protect the rights of data subjects”.
Although our report was published in 2017, GDPR awareness is still alarmingly low.
A recent article from CDO Trends said that “in countries like Japan and Australia only around 20% of all consumers have heard of GDPR”.
Organisations in Asia-Pacific should embrace the changes introduced by the GDPR and take the relevant steps to demonstrate compliance to consumers and data protection authorities.
The key steps to GDPR compliance
For some practical guidelines on how to comply, please read our GDPR compliance checklist.
Whether you are well on your way or just starting your GDPR compliance project, our checklist highlights the essential steps you need to take to demonstrate compliance and recommends solutions to help you do so.
Spend more than $300 on any books, toolkits, software, training and consultancy products listed in our GDPR compliance checklist and save 15% with the voucher code: GDPR-SAVE15.