Must organizations in the region really be mandated by pervasive GDPR-like laws before they fall in line autonomously with consumer dictates?

When data abuse is discussed, people immediately think of data breaches or data leaks. While data privacy and data security are interrelated, the two are not the same.

Improving data security is always a good idea, but as the same tools to fight hacks cannot be applied to increasing data privacy, the former is merely scratching the surface of issue. 

Fortunately, data privacy has gained greater attention, with regulators and technology companies pushing the privacy agenda for end consumers. However, this is still insufficient. In South-east Asia, data privacy adoption has advanced at different rates: some countries have already passed data privacy laws, while other regional regulators are establishing guidelines only this year.

This gap in regulations has left the door open for firms to autonomously decide what is “best for the business” over the privacy needs of customers. In addition, this lack of clarity in data privacy compliance also stems from the region not reskilling and upskilling rapidly enough to meet the demands for data protection talent, according to some sectors.

Gibu Mathew, VP and GM (APAC), Zoho Corp

Privacy is trust

Today, data on every visit, click or online activity is being captured, mined and used by organizations, retailers and technology vendors to deliver personalized campaigns to target consumers. Customers are increasingly aware of the potential for abuse of their data, and they are savvy enough to define their own privacy settings when browsing the web.  

Taking it a step further, today, consumers are already voting for privacy with their wallets — by choosing to support only businesses that value data privacy. However, not every business upholds data privacy.

In Europe, the GDPR and ePrivacy Directive requires the user to provide consent before businesses are allowed to use any cookies, a technology concept used by web browsers, except for those related to website functionality. In South-east Asia, organizations lack a comprehensive regional framework for the management of cookies, online visitor tracking, and handling of personally identifiable data.

With more businesses turning to cloud applications, it is also important to for consumers and corporate partners to ensure that their suppliers value the privacy of business data. While government bodies like the Monetary Authority of Singapore and Bank Negara Malaysia have set privacy rules for banks and financial institutions, the private sector needs to be better organized or risk losing the trust of customers permanently.

Enterprises should also prepare for a post-cookie digital world by adopting pro-consumer privacy policies and safeguard consumer data with privacy technologies. By championing customer privacy, businesses gain the trust and confidence of an increasingly digitally-savvy audience.

Data-handling aside, as it becomes common for businesses to turn to various vendors for their business application needs, leaks or breaches arising from along the supply chain will become an increasing risk. To address this, organizations need to conduct regular reviews with service providers to ensure business and consumer data is appropriately safeguarded. This should be a rigorous part of the business process and not to be taken for granted.  

Keeping employees safe

Apart from looking outside the organization, business owners should also consider data breach prevention by keeping their own employees safe.

Security tools, login authentications, VPNs, appropriate business application usage patterns and encryption solutions can help enterprises protect customer data, especially in the age of hybrid- working. As privacy becomes a bigger concern among consumers the use of clean rooms, differential privacy and encryption protocols will also need to be stepped up. 

Finally, as global ideas on consent and data privacy evolve and create a domino effect, businesses need to go beyond digital transformation to an ‘ideological transformation’ in the way they treat customer data and how they use it for business.

Challenges are always a welcome opportunity for enterprises to organize themselves and course-correct through proactive policy making. Efforts must be made to safeguard user privacy continually before regulations come into force in the region.