What is the consequence of shortage of Data Protection talent in Singapore/region?

2021-06-15
banner

The business culture of data protection has yet to be firmly established within an organisation. It does not help that due to a lack of expertise, organisations have not adequately identified data protection and privacy risks, let alone have a data protection management programme to ensure compliance with the Personal Data Protection Act. While 80% of all PDPA enforcement cases are due to lack of security measures in place, the fact is many of the root causes of these data breaches can be traced back to human error or negligence, other than unprotected system or application.

Besides ignorance and lack of data protection competencies, the consequence of the shortage may be seen from the fact that many SMEs have to shoe-horn the data protection role onto other portfolios either because there is lack of data protection talent in the market or to achieve cost-savings in the short run. As the DPEXNetwork DPO study indicated, the lack of bandwidth is hindering DPOs from doing an effective job. This may be practiced in the the nascent stage of the enactment of the law, but as data breaches become more common, there will be expectations from the regulators and the customers on the organisations to up their data protection capability.


Chart showing challenges and difficulties faced in the data protection role

In the long run it makes sense to have a qualified dedicated DPO as it will not only enhances business opportunities but minimises the risk of a data breach. A data breach would cost the organisation in more ways than one; not only is there financial penalty but disruptions in operation, there will be time spent in response and investigation, loss of customers, tarnishing of the reputation, legal action from, and restitution to the affected parties.  In Singapore, about one in five DPOs have indicated their organisation experienced some form of data breach/incident in the last three years. One of the consequences of not having trained talent is an increased risk in data breach: DPOs untrained in data protection are twice as likely to experience the breach/incident.


Understandably certain sectors such as the finance and IT faces higher risks and any incident would have severe repercussions on the organisations. They have been the forerunners in recruiting cybersecurity talent and training staff in data protection.

However increasingly so, we are seeing large organisations and the smaller SMEs also turn their attention to this area. This is due to regulators starting to enforce data protection laws, coupled with the public's expectation of organisations to be accountable when processing data, we will increasingly see other sectors and organisations paying greater attention to data protection. In Singapore we see the amendment of the PDPA (version 2.0) making the guidelines clearer and giving the regulators more teeth in enforcement.

As these measures are fine-tuned, one of the consequences is that it would less acceptable to have a DPO who is untrained or are “part-timers”, i.e. whose portfolio include other responsibilities which may then limit their time and attention to data protection work.

In the digital age of e-commerce where we are inter connected by trade and business process outsourcing, it is inevitable that businesses will have to invest greater attention to data protection or risk losing the trust of their customers and stakeholders. The consequence of not doing so be dire on the organisation.

The growing gap between demand for the data protection profession and trained talent has increased over the recent years. To further understand development in digitisation, data protection and the "rise of the DPO", one can learn about the trend.





Article contributed by:
Kevin Shepherdson (FIP, CIPM, CIPP/A, CIPP/E, CIPT, GRCP), Leong Wai Chong (CIPM, GRCP)



Just one more step! We've sent an email to .
Please check your inbox or spam and open it to activate your account.

Topics
Related Articles