Consumers are not the only ones concerned about data protection; there is a clear business case for companies to better protect data too.
(Apr 29): Consumers today expect businesses to handle their personal data with care. When data is misused, trust is lost, according to a consumer survey conducted by the Personal Data Protection Commission (PDPC).
The survey found that 68% of the respondents rate the sharing of data without consent as the top reason they would lose confidence in businesses keeping their data. The other reasons are when personal data is misused (65%), when there is a security breach or hack (57%) and when the companies send irrelevant messages to customers (51%).
With legislation such as the European Union’s General Data Protection Regulation and Singapore’s Personal Data Protection Act (PDPA) already in existence, businesses need to think about how they should handle their customers’ data or risk falling foul of the law.
Businesses appear to be already aware of their obligations under the PDPA. According to the PDPC survey, 95% of industry respondents are aware of their data protection obligations. Businesses are also becoming aware of the beneficial effects of the PDPA, with 91% finding it beneficial to consumers and 82% finding it beneficial to organisations.
Nearly all of the industry respondents already have in place some form of measure to comply with the PDPA.
Beyond compliance, businesses can build customer trust by obtaining the new Data Protection Trustmark (DPTM). It would demonstrate that the organisation adopts accountable and responsible data protection practices and help increase its competitive advantage. This is advantageous, especially for small and medium-sized enterprises as they seek to establish their brands.
The DPTM certification establishes a robust data governance standard and can help businesses independently verify their data protection regime while giving customers the assurance that their data would not be misused. Companies can also discover potential weaknesses and take measures to mitigate them.
The online application process starts with filling in the self-assessment form and submitting it to the selected assessment body. The third-party assessment body will conduct a comprehensive review of the company’s data protection regime through both documentary and onsite assessment. The applying company will be given a time frame to rectify any non-compliance found before IMDA reviews the assessment report and decides whether to award the certification.
Certified companies can then display the DPTM certification mark and be listed as a certified organisation on the IMDA website. The entire process is estimated to take between two and four months.
The criteria for DPTM certification are based on the principles of governance and transparency, management of personal data, care of personal data and individuals’ rights. Companies will be checked on whether they have the appropriate policies, processes and practices in place, as well as whether they provide the necessary access and controls to individuals for the data the companies collect.
Businesses may perceive the certification as unnecessary for the bottom line, but consumers view it differently. According to the PDPC survey, two in three consumers consider the DPTM when making purchases and are willing to share personal data with companies that have the DPTM. Furthermore, eight in 10 consumers agree that companies that handle personal data should apply for the DPTM.
As data leaks and breaches become more common, having processes and certification for your data-handling practice is definitely a boon for developing customer trust and building a competitive advantage.