Digital Transformation and the Post Pandemic Period - What it means to DPOs, Governance and Compliance Teams - Webinar Summary

Digital transformation has become a must these days. Businesses that do not go online are at a serious disadvantage against their competitors.

But digital transformation also comes with new threats to look out for and new risks to address. More than one-third of respondents of a poll at this webinar said that their organisations had experienced a security or privacy incident during the pandemic.

On 7 July 2022, Straits Interactive and DPEX Network held a webinar which tackled the risks and threats that come with digital transformation, in the aspect of personal data.

The webinar also talked about key trends, and advised companies on the importance of shifting from data protection to data governance. More than 45% of respondents of a webinar poll said that they did not have a data governance office or staff.

The role of Data Protection Officers (DPOs) and Compliance Teams in the shift to data governance was also discussed, as was the need to upskill data protection professionals and enhance organisations’ capabilities, not only their systems.

The panel of speakers were:

• Charles Ng, Independent Director & Advisor and Former Group CFO of Como Group
• Lyn Boxall, Director of Lyn Boxall LLC, a Singapore law firm specialising in data protection/privacy
• Kevin Shepherdson, CEO of Straits Interactive

To watch the webinar in full, please sign up to be a DPEX Network community member, log in and visit the Resources > Videos section on dpexnetwork.org, where the evergreen recording will be made available within two weeks following the webinar.

Growing enforcements, lessons to be learnt

New data protection laws are being passed in the ASEAN region, while the number of enforcements in data privacy pioneers like Singapore and Europe are growing. In recent years, the amount of fines levied has also been increasing.

Even big techs like Google and Facebook have been heavily fined in recent years. Charles Ng advised companies to ask, “If it could happen to the other organisation, can it happen to us?” He added, “Boards nowadays tend to look at enforcement cases very seriously, especially if it is against a similar industry. The cheapest way to learn is to learn from other people’s mistakes.”

Unfortunately, businesses today are facing even tougher times. With the war in Russia and Ukraine, rising gas prices and surging inflation, businesses are looking for new opportunities to stay afloat.

Digital transformation is not risk-free

It is not only the regulators who are becoming stricter – consumers are also becoming more aware of their rights. And while most companies have been undergoing massive digital transformation, many are not aware of the precautions that must be taken.

This trend is most evident in the widespread adoption of mobile apps. Lyn Boxall explained, “In Singapore, [almost] everybody is building an app. But not a lot of developers know what they’re doing. App developers use templates, which include permissions, and the companies don’t know. Sometimes, the patches can’t be updated, which puts you at risk of a breach. You get into something trendy but your vendor doesn’t know what he’s doing. The blind are leading the blind.”

However, adopting a digital-first mindset has become a must in this post-pandemic setting.

Charles added, “We are living in a very data-driven world. Our workforce is dispersed, and digital transformation has taken over. We also have a decentralised way of doing things, where we rely on a lot of third parties because of the convenience and cost, without considering the risks and procedures.”

The gap in capabilities

Unfortunately, while DPOs are trained to protect the confidentiality and integrity of personal data, they may not know how to maximise the value of the data they hold. Much value can be derived from data if it is used responsibly.

Thus, there is a need to shift from Data Protection to Data Governance. While Data Protection focuses on reducing risk, Data Governance is about reducing risk and increasing the value derived from data.

Kevin explained, “Data governance is about creating an accountability framework that decreases risk and increases the value of data, with the focus of enabling the organisation to achieve its goals.”

He added, “If we look at data holistically, we also need to look at data quality, as well as the new systems needed from an architecture perspective. You will also need that data to get new customer insights for your business intelligence. Most importantly, you need to support management in their decision-making.”

Learn more about how to reduce risk and increase the value of data through our Advanced Certification in Governance, Risk Management, and Data Compliance.

The shift to Data Governance will require a whole new set of capabilities as well as the right tools to help manage them.

To aid companies transition from Data Protection to Data Governance, Straits is developing a new capability management software, Capabara. The software includes an assortment of capability templates to assist organisations in meeting their objectives.

Straits CTO Andrew Fam joined the webinar and commented, “I’ve worked with many companies and it’s very difficult to introduce new digital capabilities and track exactly what’s going on. We want people to be able to track their digital capabilities and transfer them to new [personnel] too.”

If you are interested in trying out the new software, you can join our Capabara beta programme.

Questions on Data Governance

Some of the questions asked by the audience during the webinar about data governance, and addressed during the question-and-answer that followed the panel discussion, included:

• Many companies already have ESG initiatives. How might Data Governance fit into the existing ESG initiatives or add value to it?
• How is capability management different from quality control?
• How might a DPO get C-level buy-in on the transition to Data Governance? What would get their attention?
• What should be the composition of the data governance office? We currently have a single DPO who is a lawyer. Should it include anyone from the IT field to ensure it is enforced at the operational level?

To watch the webinar in full, please sign up to be a DPEX Network community member, log in and visit the Resources > Videos section on dpexnetwork.org.

We also offer an Advanced Diploma in Data Governance and Management, which you can obtain by completing the Advanced Certification in Governance, Risk Management, and Data Compliance and the Advanced Certificate in Data Governance Systems.