Since the COVID-19 pandemic started, it has disrupted life in ways that are unprecedented and the data protection space is no exception. Throughout the year, several high-profile data breaches have made massive headlines worldwide and have brought the privacy landscape to the forefront.
Understandably, this development has also caused a rapid rise in data privacy jobs. In the same manner, data privacy certification and other personal data protection related programmes and courses are also being offered to ensure data protection officers are better skilled and equipped to perform their duties.
According to DPEX Centre, their regional data protection trends forecast includes the following predictions:
Prediction #01: There will be ongoing privacy and data breaches due to COVID-19.
The pandemic has expedited digitalisation. However, it has also created vulnerabilities and risks that resulted in more breaches. Pandemic-related tracing activities like the monitoring and verification of vaccinated individuals as well as the implementation of vaccinated travel lanes will also increase more risks if data is not handled accordingly.
That said, companies need to be more vigilant. In line with this, they should implement more robust security and privacy measures to ensure they comply with the data protection regulations like the Personal Data Protection Act (PDPA).
Prediction #02: There will be intrusive home surveillance to WFH (work from home) practices.
Since the pandemic has not shown any signs of slowing down, many organisations have decided to continue the WFH arrangements. This is done with the employees’ safety and well-being in mind and for the sake of business continuity. However, organisations have also implemented monitoring and surveillance software in the mix.
Monitoring and surveillance software are used to help ensure employees are actually working and not abusing the WFH arrangement. Unfortunately, monitoring and surveillance technologies are not only considered intrusive, they are also known to breach data privacy requirements.
Data protection officers or anyone pursuing a data privacy career path need to be able to effectively assess relevant risks and carry out data protection impact assessments on new surveillance measures and monitoring software. They also need to review WFH policies and gauge if they comply with these new projects.
Prediction #03: There will be continued interest in certifications for individuals and organisations.
To demonstrate data protection accountability and as a seal of approval for local organisations, Singapore has continued to adopt the Data Protection Trustmark (DPTM). Additionally, they also introduced a new Credence Data Trust Rating System that’s designed to evaluate the effectiveness of an organisation’s data protection practices.
In the Philippines, they have also introduced a new Philippine privacy certification known as the Philippines Privacy Trust Mark (PPTM). The PPTM is designed to demonstrate the region’s goals of boosting consumer confidence in the management of personal data. The PPTM also provides certified businesses with a competitive advantage.
Prediction #04: There will be more regulatory attention to big tech and will internationally spill over into ASEAN.
DPEX Centre also predicts that in 2022, more enforcement against online companies and social media for illegal processing and intrusive privacy practices will be carried out. Authority enforcements are also expected to increase in 2022. Also, regulatory attention on big tech companies might result in more organisations violating data protection laws such as the CPPA, PDPA, GDPR, and the PIPL.
Prediction #05: There will be a stronger demand for Data Protection Officers (DPOs) to continue in the region.
The first four trends we have listed above will reinforce the importance of having a Data Protection Officer. It is also expected that by 2022, all the ASEAN region’s founding members will have data protection laws set in place. Thailand, India, and Indonesia are expected to introduce their own data protection law while China has enacted their own Personal Data Information Protection Law.