The COVID-19 pandemic has drastically transformed the landscape of the economy and sped up the digitisation process. Many businesses have resorted to online transactions and other digital solutions in their effort to adapt. Unfortunately, many fail to integrate data protection aspects into the operational controls.

Hackers and other malicious agents are just waiting for the perfect time to steal customer or employee data from businesses. This is where a Data Protection Officer (DPO) can come in handy.

One of the primary tasks of a DPO is to help the organisation govern how data is used, collected or stored within the organisation based on the requirements of the Personal Data Protection Act (PDPA) and other data protection laws.

Nowadays, PDPA courses are available for DPOs and organisations that want to strengthen their data protection practices. The PDPA course is also ideal for those organisations that want to set up their Data Protection Management Programme.

Under the Personal Data Protection Act (PDPA), organisations in Singapore are required by law to assign one individual as DPO. All organisations in Singapore also have to ensure that personal data of both internal and external stakeholders (i.e., customers and employees) are protected.

Under the PDPA, the role of the data protection officer is defined as an individual tasked to oversee the data protection responsibilities of the organisation and ensure compliance with the law.

ASEAN countries have begun to legislate laws that protect personal data in response to requirements set by more mature markets.

The responsibilities of a DPO from an operational perspective include:

• Assessing the risk related to the processing of personal data (including conducting a data protection impact assessment (DPIA).
• Protecting the organisation by creating a data protection management programme (DPMP) against identified risks. This also covers the implementation of processes and policies when handling personal data.
• Sustaining the compliance efforts by informing stakeholders about the personal data protection policies. This also includes carrying out audits and ensuring the ongoing monitoring of risks.
• Responding and managing queries and complaints related to personal data protection. It also involves liaising with local and international data protection regulators on matters related to data protection.

How Organisations Can Benefit from Having a DPO

One of the benefits of hiring a DPO is they can help mitigate the risks of data protection breaches. It is also important so organisations can demonstrate they are accountable and responsible for the personal data that is in their care.

A Data Protection Officer is also tasked to formulate a DPMP and Data Breach Management Plan. This can help show that due diligence has been undertaken. An amendment in the PDPA will soon require that organisations report a breach within three days. This is similar to the requirement set by the GDPR.

Data Protection Officers can also provide guidance so organisations can attain the data protection standards required. By working with various departments, they can identify gaps, create a data map, assess risks, and provide recommendations.

While DPOs require certain skills and knowledge in data protection, they also need to have soft skills that will enable them to work with others. In addition, knowledge is also important so they can understand the global privacy standard.

It is also crucial that a Data Protection Officer has the resources and tools needed to implement the needed controls for the organisation. A trained Data Protection Officer can also provide value to the organisation by finding methods that can help minimise the risks of a data breach.

Danny Watson