Data Protection 101: why data privacy and DPOs matter

What is data protection?

The concept of data protection encompasses the collection, usage, storage of personal information, as well as disclosure or transfer of personal data (or CUDS in short). The digital age of today has made personal data the lifeblood of businesses and the economy as people freely share data and information on a daily basis. To prevent unauthorised use of the personal information of individuals by organisations, data privacy laws were introduced in many jurisdictions worldwide e.g., Europe’s General Data Protection Regulation (EU GDPR), Singapore’s Personal Data Protection Act (PDPA), the Philippines’ Data Privacy Act (DPA) and Malaysia’s Personal Data Protection Act (PDPA).

• Additional offences under the PDPA that could get you into trouble
• How do I help my organisation comply with the Malaysia PDPA?
• How should a data user (organisation) manage the Malaysian PDPA under the "New Normal" situation?

Data protection laws require organisations that handle personal data to demonstrate accountability and responsibility. To be operationally compliant with the laws, organisations should have a data protection management programme (DPMP) in place to translate the requirements of the law into their business practices.

• Data Protection: Risks Equal Opportunities

What does a data protection officer (DPO) do?

A Data Protection Officer (DPO) is essential in today’s environment as digitalisation has made it convenient for organisations to collect and analyse data for various business purposes. However, this convenience has brought about vulnerabilities and risks that may not be factored in the organisation’s overall governance, risk management and compliance strategy.

The main responsibility of the DPO is to assist the organisation to govern how personal data is being collected, used, disclosed, or stored within an organisation according to the requirements of the data protection laws. If there are gaps in the operations that are processing personal data, the DPO works with the relevant departments to ensure that there are adequate controls to mitigate the risks and rectify the gaps. They also work with the relevant departments to ensure that the organisation's privacy policy and data protection training is updated and communicated to staff.

• What does a Data Protection Officer do?

What qualifications do you need to be a DPO?

The data protection laws of many countries require organisations handling personal data to demonstrate accountability and responsibility. Although a DPO need not be a trained legal professional, they are expected to have sufficient data protection knowledge and assist the organisation to be operationally compliant by implementing good data protection practices within the organisation’s business processes.

If you would like to learn more about data protection and become a qualified DPO, sign up for our Advanced Certificate in Data Protection Operational Excellence or check out our articles below to find out more on the best choice for your DPO journey: