In a digitised economy, catalysed by the COVID-19 pandemic, online transactions and WFH (work from home) arrangements have become the new normal. Whilst this allows the economy to hum under the MCO (Movement Control Order) or lockdown, it has increased the risk of a data breach. Organisations have to be mindful of the risks involved, and this will lead to even stronger demand for data protection and cybersecurity professionals.
This is because personal data is not just collected on an online form and stored in a system. In a digitised (or even a non-digitised) organisation, the risk lies in the information lifecycle, which spans every process in the organisation that involves personal data, comprising:
Why do Data Breaches Happen in the first place?
The answers to this question fall into three buckets:
1. Failure to Identify Risks
2. Risks identified, but mitigation measures not implemented
3. Risks identified and mitigation measures implemented, yet the breach still happened
Identifying risks is a fundamental exercise to ensure appropriate controls can be designed and put in place. Thereafter, following up on the actions or risk mitigation measures taken is crucial. It takes a trained data protection officer to work and coordinate with the various business line operations to identify the risks and to devise and deploy the mitigation measures.
Even if the risks are identified and mitigation measures implemented, a data breach may still happen to an organisation. The 7 common mistakes that organisations make are:
1. Insufficient data protection measures
2. Little or no information security practices
3. IT infrastructure vulnerable to online threats
4. Improper training - policies not communicated
5. Disjointed practice
7. Poor third parties and contract management.
These are common risks that not only DPOs but also GRC risk managers face under the new normal.
To mitigate the risks and effects of these mistakes, the organisation (through its DPO) needs to take these 6 basic steps:
Article By: Benjamin Shepherdson, GDPR & Info Sec (EXIN), CIPM, GRCP, Country Manager/Director (Malaysia) Straits Interactive Pte Ltd. and
Leong Wai Chong, CIPM, GRCP
Photo by Chris Montgomery on Unsplash, Background photo created by www.slon.pics
The views and opinions expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEXNetwork.