From Cogs To Bytes – A Data Protection Career In Industrial Automation

By Alvin Toh 

Amidst ongoing digitalisation, industrial automation, often referred to as Industry 4.0, has seamlessly integrated personal data into its operations. As the Industrial Internet of Things (IIoT) advances, it has heralded an era of interconnected devices, predictive analytics, data-driven decision-making in the industrial automation sector. This influx of data, while pivotal for optimising operations, has propelled the need for skilled data protection professionals and created many new positions in the data protection industry.

In the manufacturing sector, personal information, including biometric data and identifiable media, is collected from various sources. Video surveillance, a common practice for ensuring safety and security compliance, exemplifies the prevalence of Personal Identifiable Information (PII) being collected and analysed to enhance operational practices. I believe the consequential need for robust rules on personal data protection and governance is more significant than ever to mitigate risks of misuse or unauthorised access.

According to a Singapore-based job search study, conducted by the Data Protection Excellence (DPEX) Centre, found a 125% increase in data protection jobs in 2022 from 2021. It also found a 608% increase in hiring for Data Governance roles in various sectors from 2021, such as in Banking & Finance, Business Services, IT and Health. Job titles of managerial level and above are becoming more frequent. This surge is reflective of a broader trend observed in the manufacturing sector, emphasising the rising demand for data protection professionals.

The integration of IIoT in manufacturing necessitates stringent practices and controls to protect sensitive information, ensuring the integrity, confidentiality, and availability of data in their networks, systems and processes. This is where Data Protection Officers (DPOs) step in, playing a pivotal role in operationalising these best practices and controls as well as managing data governance. The demand for DPOs is further fuelled by the maturing regional regulatory landscapes in Southeast Asia, with mandatory DPO appointments and increased fines for non-compliance.

Despite the presence of skilled IT professionals in companies, a significant privacy skills gap persists. The focus on cybersecurity risks often overshadows mandatory privacy compliance regulations. Recognising this gap presents a unique career growth opportunity for professionals within infosecurity functions to become competent data protection experts through adequate specialised training in personal data privacy. This can be achieved through hands-on training for DPOs or certifications like the ISO27701 Privacy Information Management System (PIMS), which adds a privacy perspective on top of the ISO27001 Information Security Management Systems (ISMS) certification that most cybersecurity professionals already have. 

The data protection sector is set to grow rapidly in the coming years and, as a result, more can be expected from DPOs. Data breaches in the manufacturing industry can have many adverse consequences, ranging from operational and supply chain disruptions to loss of business continuity, leading to unhappy customers and legal outcomes. To prevent this, DPOs oversee the implementation of Data Protection Management Programmes (DPMP) in companies. Regulators like the Personal Data Protection Commission (PDPC) in Singapore have issued clear guidelines for how DPOs should implement a robust DPMP with a framework summarised as G-A-P-S-R (Governance, Assessment, Protection, Sustainability, Response).

When it comes to Governance, DPOs help manage how personal data is collected, used, disclosed, and stored, ensuring compliance with data protection laws. They work with relevant departments to close any gaps in data processing operations, update privacy policies, and provide training to staff.

With regard to assessment, DPOs assess risks related to the processing of personal data, including conducting Data Protection Impact Assessments (DPIAs) on new technologies and data processes.

In terms of protection they implement policies and processes for handling personal data securely to safeguard against identified risks. Sustainability means that DPOs maintain compliance efforts by communicating data protection policies to stakeholders, conducting audits, and monitoring risks continually. And last but not least the role of the DPO involves managing queries, complaints, and liaising with data protection regulators in the event of data breaches. DPOs play a vital role in demonstrating accountability to regulators.

As the manufacturing sector embraces more embedded AI in the future, DPOs will need to enact AI Governance. The International Association of Privacy Professionals (IAPP) has recently introduced the Artificial Intelligence Governance Professional (AIGP) certification, addressing the emerging AI Governance profession. 

For those in the manufacturing sector seeking to stay current with the privacy landscape, platforms like the DPEX Network offer insights into the latest career trends and competency roadmaps. Professional certifications in data protection and data governance, in collaboration with certification bodies such as EXIN, IAPP, OCEG and PECB, as well as educational institutions like Singapore Management University (SMU) and the Asian Institute of Management (AIM), provide avenues for upskilling.

This article was first published on IAA Magazine on 23 May 2024.