The role of the Data Protection Officer has been in the spotlight recently.
In recent months, new personal data protection laws have been passed and have come full into force in countries across ASEAN, including Thailand and Indonesia. The laws in both countries require organisations to appoint a data protection officer, or DPO, in order to be compliant.
This followed announcements by regulators in the Philippines and Singapore, where DPO appointments are mandatory, that clarified and raised the limits of administrative fines that may be imposed upon those who fall foul of data protection laws in both jurisdictions.
In Singapore, administrative fines can now amount to over SGD1 million as the maximum financial penalty is now 10% of annual local turnover, should that turnover be above SGD10 million.
And in recent weeks, the tech giant Twitter, now owned by the richest person in the world, Elon Musk, after a well-publicised takeover, has seen its chief privacy officer and DPO leave the company. The firm then notified the Irish Data Protection Commission that an “acting DPO” had been appointed.
Demand for DPOs ramping up in ASEAN
In ASEAN, the five founding members – Singapore, Malaysia, Indonesia, Thailand and the Philippines – now all have data protection laws passed or in force.
According to Straits Interactive CEO Kevin Shepherdson, Vietnam and Brunei are expected to launch their own data protection laws in 2023. He said that this would mean that all the major ASEAN members, with the exception of Cambodia, Laos and Myanmar, would have data protection laws in place.
“From a socio-cultural perspective, protecting personal information and the privacy of individuals will firmly become a business culture in ASEAN,” he added. “Companies need to respect the rights of individuals in terms of how their personal information is being collected, used, disclosed and stored.”