Search
Close this search box.

We are creating some awesome events for you. Kindly bear with us.

How to reduce data-driven business risk while boosting data-driven business value

How to reduce data-driven business risk while boosting data-driven business value

Big data is no longer a buzzword. It is has become central to how organisations function. Both public and private sector entities are seeking to unlock the potential of the data they hold and continue to capture.

Simultaneously, there is rising concern over data management. Increasingly stringent regulations are being passed for handling of personal data and privacy protection. The foremost example is the EU General Data Protection Regulation (GDPR), which is coming into effect on May 25, 2018.  The situation is further complicated by the shift to cloud environments.  

The risks of non-compliance have risen enormously. The stakes go way beyond financial penalties or losses, extending to reputation and customer/ citizen trust.

OpenGov spoke to Praveen Kumar, APAC General Manager, ASG Technologies to learn more about how enterprises can continue to derive value from data, while minimising the risks and complying with regulations.     

What are the biggest trends in management and governance of personal data today, while storing, processing and transferring data within and between organisations? Could you tell us about developments and challenges in both the private and public sector?

The conflicting demands for more and faster data-driven business value and reduced data-driven business risk are the biggest issues for enterprises today. Across the APAC region, enterprises are rapidly adopting new technology such as cloud, without a clear view of where their data is hosted.

At the same time enterprises are increasingly faced with regulations that require them to implement a comprehensive data governance policy. The upcoming EU General Data Protection Regulation (GDPR) is one such example. As such, APAC companies are challenged to balance between ensuring they get the insights and analysis from the data they create, store, analyse while still managing and safeguarding that data.

This is where ASG comes in – our technology discovers and maps data and analyses data lineage, providing a key foundation for GDPR compliance. 

GDPR has been called probably the most important piece of privacy regulation in 20 years or more. What in your view are the biggest changes going to be brought about by the GDPR? 

GDPR introduces new rights for individuals, and new responsibilities for data processors. GDPR enhances the rights of individuals especially around the right to be forgotten. It governs data portability, data profiling, and the use of personal data in automated decision making. It increases the obligations on data processors to implement and maintain both conditional and technical measures to protect personal data.

And it introduces the concept of privacy by design, which requires each new service or business process that makes use of personal data to take protection of the data into consideration.

This new complexity will require robust data governance. Firms need to understand where personal data is held, and how it flows between applications and processes. For example, GDPR’s notification provisions require data controllers to inform data subjects how their data is being processed in a fair and transparent manner, and give the individual the right to withdraw data if they wish. This translates into a broad accountability requirement for enterprises to keep records of how they process personal data and how they protect it.

How are organisations outside of the EU affected by the GDPR?

The GDPR will have a global impact on all companies that process the Personally Identifiable Data (PID) of European citizens. Whether businesses reside in the EU or not, local and regional companies that deal with EU consumers or employees will have to comply or risk running into hefty fines. This is particularly impactful for Singapore, as it is the EU's largest commercial partner in ASEAN, accounting for slightly under one-third of EU-ASEAN trade in goods and services.

GDPR is also part of a trend towards the globalisation of data regulation, in the same vein as Anti Money Laundering and know Your Customer regulation.

Today a business might be incorporated in one country, with customers in another country and cloud providers in a third country. How do you see organisations in Asia-Pacific dealing with the challenge of complying with regulations and data lineage guidelines from multiple jurisdictions?

Being GDPR compliant will naturally help companies stay compliant with local data regulations, as it helps businesses stay on top of their data hygiene habits. Most jurisdictions in Asia have already enacted data protection laws that provisionally allow personal data to be collected, stored and transferred where an individual has given consent.

The additional step with the GDPR is the full scope and amount of data that a company has to handle. In this way, fulfilling GDPR regulations will help Asian enterprises to meet local requirements as well.

Small and medium business (SMBs) also need to be more vigilant, and due to the current competitive economic landscape, they will have a steeper hill to climb, especially if they are not on the road to being compliant.

However, there are steps SMBs can take to safeguard themselves. Adopting a more pragmatic approach – such as doing research on what it takes to be more transparent with their data – could be helpful for them in the long run. On top of this, accountability for their actions and the data they store will definitely be useful, especially if they are faced with a data subject request from the relevant authorities. Evidence of some action to address GDPR compliance may encourage regulators to be more lenient, whereas inaction will surely draw their wrath!

How can organisations, whether public or private, work towards becoming compliant in this increasingly complex regulatory environment? What are the risks if they fail to do so?

Complying with GDPR is grounded on a full understanding where personally identifiable data is sourced and how it is used. For example, companies must make sure that the data that they have is only used for the purposes specified when collected.

To achieve this, your organisation must map data and content estates, business processes, and data flows that involve PID. Regulations will require companies to demonstrate they know what data have been collected and how they are used.

Only then will you be, ready to begin protecting personal information. With a policy-based management of content, you can put processes in place for obtaining (and managing) consent for storing personal information.

With data mapping already taking place, you’ll know where the PID is stored and have the processes to apply policy-based retention procedures against data collected on individuals.

Once you’ve identified the processes, you’ll need to enact governance to manage the use and the quality of the PID. This includes reviewing new processing activities, assuring compliance, responding to people’s requests for information and action about their PID, responding to audits and setting internal standards within your organisation.

To ensure compliance across the board, reporting on governance is crucial. Create reports that provide a management view of PID usage. Within these reports, you can prove knowledge of what data is being processed and for what purpose.

The implications for businesses that fall under the remit of the GDPR are significant. Organisations which fail to comply will be subject to a fine of up to 4 percent of global turnover, or EUR 20 million, whichever is greater.

Can you tell us about how the current cybersecurity landscape is affecting data management?

Given th
e evolving threat landscape and wealth of new technologies introducing risk, the GDPR regulations are providing a new opportunity for CIOs and IT directors to build a data privacy and cybersecurity programme that will better position the company to deal with future threats.

As the GDPR has set a definitive price on cyber risk, secure data management is becoming a key priority for enterprises today. While cybersecurity and privacy management are not the same, they are closely related. Mapping the use of personal information provides key insight into how cybersecurity measures should be deployed.

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

As a Titanium Black Partner of Dell Technologies, CTC Global Singapore boasts unparalleled access to resources.

Established in 1972, we bring 52 years of experience to the table, solidifying our position as a leading IT solutions provider in Singapore. With over 300 qualified IT professionals, we are dedicated to delivering integrated solutions that empower your organization in key areas such as Automation & AI, Cyber Security, App Modernization & Data Analytics, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Renowned for our consulting expertise and delivering expert IT solutions, CTC Global Singapore has become the preferred IT outsourcing partner for businesses across Singapore.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and consulting services provider, helping clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,800 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity, and service. For more information, visit www.ibm.com