In today's digital age, organisations collect vast amounts of data through their use of technology in daily operations. With increased data collection comes a heightened need for data protection to secure sensitive and personal information from unauthorised access, misuse, or theft. Ensuring the security of sensitive data is of utmost importance as organisations navigate the rapidly evolving digital landscape. To minimise risk and protect valuable information, staying informed about the latest trends in data protection and implementing effective security measures is essential.
In this info session, Straits Interactive and DPEX Network reflected on the key lessons of 2022 and identified five trends in the field of data protection for 2023:
- Ongoing digital transformation will create increased privacy and security threats
- Continued increase in privacy breaches and enforcements (beyond data security)
- More regulatory actions expected against improper/ unfair use of social media, surveillance, and children’s data
- Transition from data protection to data governance as demand for data protection related expertise grows
- Increased Focus on AI Governance and ethics as EU passes new AI Governance Law
By staying informed of the latest trends, organisations can maximise business opportunities and mitigate potential threats in the face of the current digital transformation. The rapid pace of digital transformation is creating new job opportunities and making certain skills obsolete. This has led to an increased demand for expertise in data protection and risk management, among other areas, offering ample growth potential for professionals seeking to stay ahead of the curve.
Ongoing digital transformation as key driver for data protection and privacy
As organisations continue to pursue digitalisation, privacy and security threats will only increase. With the introduction of new technologies, we see an increasing number of cyber breaches recently, especially in the financial sector.
The panel also advised that in this era of digital transformation, a shift of mindset from “compliance objectives” to “business objectives”, and from “data protection” to “data governance”, was crucial for organisations to maximise the value of data.
Therefore, as digital transformation progresses, the need for proper data protection and governance will only increase. It is important to use these technologies ethically since they can pose a threat to personal privacy.
What then does this mean for organisations and business leaders?
Conducting data protection impact assessments (DPIA), or privacy impact assessments will be important when starting new projects and initiatives. Third party due diligence is also crucial in ensuring that the organisation does not expose itself to unwanted and unnecessary risks.
Here are some recommendations:
- Data protection office to focus on business objectives vs compliance objectives in post-covid period
- Data Governance is key – increasing the value of data while decreasing the risks of personal data
- Conduct DPIA – data protection impact assessments to address privacy / security risks
- Conduct third-party due diligence for new projects and specify data protection requirements in contracts
- Increase awareness of privacy risks and data protection requirements through regular training, reminders and competency assessments
How is the job market responding?
The ongoing digital transformation leads to changes in demand for data protection skills in the job market. Based on a study conducted by Straits Interactive and Data Protection Excellence Network, there was a 125% increase in the number of data protection-related jobs from 2021 to 2022, and a 608% increase in data governance roles. Additionally, the number of job roles that require some form of data protection but do not have it as the primary focus has also seen a significant increase, with HR, IT, and Marketing among the industries with the highest demand.
With the ongoing digital transformation, data protection is becoming more mainstream and everyone in the organisation would need basic knowledge about it. Hence, due to its integration in all operations and crucial role in achieving business objectives, it will be a necessary skill for all individuals across various departments and not exclusive to just data protection officers.
How are regulators adapting?
Regulatory authorities are intensifying their efforts to enforce data protection and privacy laws, evident by the rise in enforcement actions and penalties, particularly in the EU and Singapore. The notion that data protection and privacy solely involves the secure storage of personal information is being challenged by recent enforcement cases in the EU. These cases show that organisations are frequently fined for unauthorised processing and failure to meet transparency obligations instead of inadequate protection of personal data. This suggests that organisations are facing consequences for utilising their customers' data for unintended purposes and for failing to communicate effectively with their customers regarding their use of personal information.
Many countries are also quickly developing laws on AI governance and AI ethics.
If you are looking for a career transition in Data protection, SMU Academy has two recently-launched train-and place programmes for you:
- (SCTP) Advanced Certificate in Data Protection Operational Excellence where you will explore the operational components of data protection and information security
- (SCTP) Advanced Certificate in Governance, Risk Management and Data Compliance, to understand the importance of data governance, privacy, and data protection, along with the practical knowledge necessary to analyse, assist, and ultimately manage the growing volumes of data within your organisation
For Data Protection/ Privacy professionals looking to chart their careers according to the DPO Competency Framework and Training Roadmap:
For Data Protection Officers looking to fulfil knowledge requirements and perform effectively in their role:
For the uninitiated looking to gain practical Data Protection knowledge and skills:
- PDPA - An Operational Perspective
- Practitioner Certificate in Personal Data Protection (Singapore) 2020 (WSQ)
This article is brought to you by Straits Interactive.
SMU Academy is proud to partner with Straits Interactive to provide the most comprehensive adult learning and professional development programmes for data protection officers and professionals in Singapore.
