To comply or not? Don’t let ‘MRT’ stop you

Worried about the data protection compliance or capability of your firm?

The common and valid concerns of money, resources and time - or the lack thereof - are often top of mind for the key decision-makers in Singapore organisations, as they grapple with the requirements of the Personal Data Protection Act, or PDPA.

This was addressed during a special luncheon on 19 August 2022 hosted by Straits Interactive, in partnership with the Singapore Estate Agents Association (SEAA) and the Infocomm Media Development Authority (IMDA), to Key Executive Officers from the real estate industry.

Alvin Toh, Chief Marketing Officer of Straits Interactive, highlighted the advent of accelerated digitalisation in the post-Covid landscape, related this to the risks estate agents and property projects are facing, and referred to a growing need to shift focus from data protection to data governance.

19 Aug 2022 KEO Event

Skill sets to transition to data governance

“On one side, you have data protection, with a compliance objective, to reduce risk, right? On the right side [with data governance], it’s business objective and increasing value to data. This is the part where it’s a skill set of data governance,” he said.

“You want to look at this skill set, between your organisations, how are you transitioning from just data protection, which is managing risk of data, going towards increasing the value of data, but you need to do both right? Responsible use [of data] and increasing the value of data, and that’s data governance.”

Dominic Ng, guest speaker

Guest speaker Dominic Ng, Manager (Data Innovation & Protection Group) at the Personal Data Protection Commission (PDPC) and Infocomm Media Development Authority (IMDA), asked the audience to consider PDPA compliance as a means of business differentiation. 

“As we digitalise, you must realise that personal data is the fuel of digitalisation – it drives digitalisation. The more data we collect, the higher risk of it being lost, which leads to an increasing number of data breaches,” he said.

“We want to help organisations see data protection not just as mere compliance, but as a way to differentiate themselves as a trusted company and stand out from their competitors."

DPTM as a gold standard

He added that the Data Protection Trustmark (DPTM) was established as a “gold standard” to “establish and recognise robust data governance of organisations, to help businesses increase their competitive advantage, and to build trust with their clients.”

“Being Trustmark-certified would send a clear signal to your clients, business associates and the regulators that you are accountable and have good data protection standards in place.”

“We are also heartened to say that more than half of our certified organisations are SMEs, as well as non-profit organisations that, traditionally, people would think that they are the ones that have no resources. What this means is that the DPTM is not beyond anyone, and if you a business operating in Singapore, the DPTM would greatly benefit you.”

Mr Alvin Toh, speaker

No 'MRT'? No problem

In response to Ng’s presentation, Toh reiterated that Straits Interactive assists clients, through its consultancy and in line with resources available, to overcome the issues of “MRT”.

“[People ask] ‘How is your data protection compliance?’ Then what is the reply? ‘No MRT.’ Do you know what this means? No money, no resources and no time. But there is good news. With our help, you can tackle any of these three - so that you can get the ‘train’ moving,” he said, adding that businesses, even “one-man operations”, need not try to achieve compliance alone.

“Yes, grants are available,” said Ng. “To help organisations obtain the Trustmark as well as the CBPR PRP, organisations can claim from the Enterprise Development Grant (EDG). The misconception that people have about this grant is that you have to be an SME [to be eligible]. No, you don’t. Both SMEs and non-SMEs, as long as you are eligible, you are welcome to go apply for it.”

“[The grant] covers third-party consultancy fees. Sometimes, companies may need a little help to get themselves ready to meet the DPTM requirements – they can tap on the EDG to consider engaging a third-party consultant for help.”

“Yes, you may have some policies in place, you are fairly confident you comply with the PDPA, but if you’re not so sure – it’s ok,” Ng said. “[My advice is] go for the Trustmark, get the grant and engage a consultant to help you get ready to meet the DPTM requirements.”

To assess your organisation’s data protection readiness, and to take proactive measures to protect the personal data in your care, please schedule a strategy call with our consultants at sales@straitsinteractive.com.