Data Protection Predictions for 2023 – Webinar Summary

On 13 Jan 2023, Straits Interactive and DPEX Network held a webinar on Data Protection Predictions for 2023. Looking back at 2022 and the developments in the market, the panel discussed five trends in data protection and privacy that would impact organisations and data protection professionals.

The five trends identified for 2023 were:

1. Ongoing digital transformation will create increased privacy and security threats
2. Continued increase in privacy breaches and enforcements (beyond data security)
3. More regulatory actions expected against improper/unfair use of social media, surveillance, and children’s data
4. Transition from data protection to data governance as demand for data protection related expertise grows
5. Increased Focus on AI Governance and ethics as EU passes new AI Governance Law

Monitoring these trends, organisations can maximise the business opportunities and minimise the threats that come with increasing digital transformation today.

Likewise, professionals from all fields – not just data protection – can gain insights from these trends to plot out how they want to build their career in the succeeding years. Ongoing digital transformation is creating new skill sets which are in demand, while rendering other skill sets obsolete.

The panel of speakers were:

• Kevin Shepherdson, CEO and Founder of Straits Interactive
• Lyn Boxall, a data privacy lawyer at Lyn Boxall LLC
• William Hioe, Regional Head, Consultancy, Straits Interactive

Click to view the highlights video

To watch the webinar in full, please sign up to be a DPEX Network community member, log in and visit the Events section on www.dpexnetwork.org, where the on-demand recording will be made available in two weeks following the webinar.

Ongoing digital transformation as key driver for data protection and privacy

Digital transformation is here to stay. But as organisations continue to pursue digitalisation, privacy and security threats will only increase.

“Singapore is now 95% 5G. 5G will allow lots of good streaming, online games, new UX like AR, VR -- obviously tons of connected devices,” said Kevin Shepherdson, CEO of Straits Interactive, who led the panel discussion.

“And while we all know that 5G has better in-built security than 4G, there is still risk because of connected devices... especially IoT devices that were not manufactured with security in mind.”

“With the introduction of new technologies, there will be a new playground, where those with evil intentions will exploit the technology for their private gains,” said Hioe. “This is evident in the increasing number of cyber breaches recently, especially in the financial sector.”

And while “bank robberies are going down,” observed Boxall, “the number of scams is going up. We're entering an era where people have to be concerned about online security.”

Thus, continued digital transformation will only increase the demand for proper data protection and data governance; there needs to be an ethical use of such technologies, especially when these technologies can threaten the privacy of individuals.

What then, does this mean for organisations and business leaders?

The panel reminded the webinar attendees to conduct data protection impact assessments (DPIA), or privacy impact assessments, for their new projects and initiatives. Third-party due diligence is also key in ensuring that the organisation does not expose itself to unwanted and unnecessary risks.

The panel also advised that in this era of digital transformation, a shift of mindset from “compliance objectives” to “business objectives”, and from “data protection” to “data governance”, was crucial for organisations to maximise the value of data.

Data protection and privacy is often seen as a law which organisations need to comply with. However, we live in a data-driven world, so looking at data protection as a compliance requirement, might limit your business’s capability.

“When we look at data governance, we should not just confine ourselves to protecting personal data. We should look at it in a much larger context, at all types of data that an organisation handles,” said Hioe. “Data governance is something addressed at a board level and is not just something for the IT and infosecurity folks.”

Stay tuned for our upcoming webinars and events on data governance by following us on Facebook and Linkedin.

How is the job market responding?

Ongoing digital transformation is also causing the job market to evolve. Some skill sets are becoming obsolete, while new skill sets are becoming in demand – and data protection is one of them.

Based on the jobs study conducted by Straits Interactive and the Data Protection Excellence Network, which found more than 600 data protection-related jobs in a one-month period, there was a 125% increase in the number of data protection-related jobs from 2021-2022. There was also a 608% increase in data governance roles.

Another interesting finding is that the number of job roles with data protection requirements, without data protection as the primary focus, also increased exponentially this year.

“The number of jobs requiring some form of data protection requirement is rising,” said Shepherdson. “And the largest increase is in HR, IT and Marketing. [Organisations] are looking for data protection skills, though it's not [always] the focal role.”

“It means that data protection is coming more into the mainstream,” said Boxall, “because it means that everyone in the organisation needs to know something about data protection. They need to speak the language.”

Data protection and privacy is no longer a skill that only data protection officers need to know. With ongoing digital transformation, data protection and privacy is a skill set necessary no matter what department you are in. This is because data protection and privacy is embedded in all of a company’s operations.

“It shows that data protection is part and parcel of getting things done, of reaching your business objectives,” said Hioe.

Start your career in data protection by taking our 1-day PDPA crash course (Singapore) / our Data Protection Officer Program (DPO ACE, Philippines), or check out our learning roadmap.

How are regulators adapting?

Regulators are also catching up. Enforcement cases in the EU and Singapore are showing increasing regulator activity, increasing fines, and increasing cost per fine.

Many think data protection and privacy is all about securing the personal information an organisation has. However, a review of the enforcement cases in the EU will show that many organisations are getting fined, not for failing to protect personal data, but for unlawful processing and for violating the transparency principle.

This seems to indicate that organisations are getting fined for using or processing their customers’ data for purposes other than they were meant for, and for not clearly communicating to their customers how they are using their personal information.

Likewise, we are seeing more enforcement cases in the aspect of children’s data, surveillance, and social media. This is evident in the most recent fine imposed on Meta this January, which cost the company EUR 390 million.

Many countries are also quickly developing laws on AI governance and AI ethics. WIth AI being used by malicious actors, it is a must to advocate for principles which will govern the use of AI. More sophisticated phishing emails, social engineering tactics, and deepfakes are only some of the ways hackers exploit AI for malicious gains.

Thus, to reap the benefits of AI and machine learning, organisations must learn to use these new and emerging technologies ethically. Failing to incorporate the AI ethical principles in their digital transformation efforts will expose them to more scrutiny from both regulators and the public, with consumers also becoming more aware of their rights.

Questions about AI, children’s data and data governance roles

The panel ended the webinar with some key takeaways about the outlook for 2023 and the next steps to take to better protect personal data and achieve business goals in the coming year.

The questions included:

• With the use of AI becoming a hot topic … would you expect the data governance function to take on a broader role in organisations?
• Have there been cases of companies that did not report data breaches as they were supposed to?
• Singapore does not specifically have a law on children’s privacy. Are we lagging in terms of having sufficient safeguards for children?
• What are the roles of data governance? Has there been a study on compensation for such roles?
• For someone new, should one go with CIPM or IDPP, as the starting point?

*Disclaimer: Not all Q&As can be reviewed in the webinar recording as some were answered LIVE in the chat box during the session.

To watch the webinar in full, please sign up to be a DPEX Network community member, log in and visit the Events section on www.dpexnetwork.org, where the on-demand recording will be made available in two weeks following the webinar.