The impact of the COVID-19 pandemic cannot be ignored. Its impact on the data protection industry has been massive. To adapt, many companies have digitised their businesses to cater to remote work or work-from-home (WFH) setups without observing proper security measures.
The COVID-19 pandemic has undoubtedly turbo charged the digital transformation of various organisations. However, the digital transformations came with vulnerabilities and risks. To address these vulnerabilities and risks, people need to implement data protection measures.
2021 Privacy Challenges and Data Protection Trends
The following are the data protection trends and privacy challenges expected this 2021:
1. The accelerated digitalisation due to COVID-19 will require more governance of personal data within organisations. There is also an inevitable shift from a legal approach to data protection to a holistic GRC (Governance, Risk Management and Compliance).
As organisations deal with the impact of COVID-19 and create safety measures as well as other measures to warrant the survival of the business, privacy issues and security vulnerabilities will continue.
Stricter private and public sector data protection requirements are already evident not just in the Philippines but also in Singapore. New laws are expected to be in place for Indonesia and Thailand.
The safety and privacy requirements are implemented at the operational level and will also require regular and strict audits.
2. Renewed focus on the significance of third party management of PII due to resulting digitalisation, automation, and WFH initiatives.
The complexity of processing PII (especially from the perspective of third party management) will create more challenges for data processors and organisations as diversification and disintermediation of the supply chain continues.
Extra-territorial application and cross-border data transfer will also be taken into consideration. Governments will become concerned about how data of citizens are handled. It is expected that stricter requirements and audits as well as due diligence will be imposed on third party vendors.
That said, data processors/intermediaries and organisations need to be clear about their respective roles under the data protection law.
3. As a result of ongoing automation and COVID-19, data breaches and sophisticated cyber threats will become more common.
4. ISO 27701 and GDPR will be established as de facto standards for data privacy management and operational compliance.
Several of the new amendments and laws in some regions like Indonesia, India, Thailand, and China now use GDPR as a reference standard. Even upcoming changes in the Philippine Data Privacy Act are designed to keep local legislation as current as the GDPR.
Organisations that are operating in the region are expected to employ GDPR to guarantee regional compliance. ISO 27701 is also expected to gain greater adoption this 2021 and the years ahead as its jurisdiction is neutral.
5. As awareness of privacy grows, the importance of certification at the individual and corporate level will also continue to get momentum driven by local data protection authorities.
The Philippines and Singapore lead the way in the region in terms of encouraging local data protection officers and professionals to be certified. More and more individuals are also expected to get data protection qualifications and competencies for 2021.
For instance, Singapore’s PDPC (Personal Data Protection Protection Commission), an exam-based certification and preparation has been extended from 2 to 3 days and will start rolling out in 2021.