SINGAPORE (June 4): The European Union’s much-discussed General Data Protection Regulation (GDPR) kicked in on May 25. Companies now need to get consent to process personal data from all EU citizens they serve and make it easy for them to withdraw that consent. Companies also have to design systems that protect customer data, and inform customers promptly when a breach occurs.

These new rules could have implications on locally listed companies and, by extension, their shareholders. The GDPR applies not just to EU-based companies but to anyone serving EU citizens, which means local companies have to take data security much more seriously.

Organisations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million ($31 million), whichever is greater. This is much more than the $100,000 maximum fine imposed in Singapore for breaches of the Personal Data Protection Act. The Cybersecurity Act — which was passed in February and requires critical information infrastructure owners in the energy, water, banking and finance, healthcare, transport, government, infocomm, media, and security and emergency services industries to report breaches — also has a maximum penalty of $100,000.

To continue reading,

Sign in to access this Premium article.

Subscription entitlements:

Less than $9 per month
3 Simultaneous logins across all devices
Unlimited access to latest and premium articles
Bonus unlimited access to online articles and virtual newspaper on The Edge Malaysia (single login)
Related Stories

Stay updated with Singapore corporate news stories for FREE

Follow our Telegram | Facebook