In a digitised economy, catalysed by the COVID-19 pandemic, online transactions and WFH (work from home) arrangements have become the new normal. Whilst this allows the economy to hum under the MCO (Movement Control Order) or lockdown, it has increased the risk of a data breach. Organisations have to be mindful of the risks involved, and this will lead to even stronger demand for data protection and cybersecurity professionals.
This is because personal data is not just collected on an online form and stored in a system. In a digitised (or even non-digitised) organisation, the risk lies across the whole Information Lifecycle, which spans every stage of processing that involves personal data in an organisation, comprising:
Why do Data Breaches Happen in the first place?
The answers to this question fall into three buckets:
1. Failure to identify risks
2. Risks identified, but mitigation measures not implemented
3. Risks identified and mitigation measures implemented, yet the breach still happened
Identifying risks is a fundamental exercise to ensure appropriate controls can be designed and put in place. Thereafter, following up on the actions or risk mitigation measures taken is crucial. It takes a trained data protection officer to work and coordinate with the various business line operations to identify the risks and to devise and deploy the mitigation measures.
Even if the risks are identified and mitigation measures implemented, a data breach may still happen to an organisation. The 7 common mistakes that organisations make are:
1. Insufficient data protection measures
2. Little or no information security practices
3. IT infrastructure vulnerable to online threats
4. Improper training, with policies not communicated
5. Disjointed practice
6. Complacency
7. Poor third-party and contract management
These are common risks that not only DPOs but also governance, risk and compliance (GRC) risk managers face under the new normal.
To mitigate the risks and effects of these mistakes, the organisation (through its DPO) needs to take the 6 basic steps:
Article By: Benjamin Shepherdson, GDPR & Info Sec (EXIN), CIPM, GRCP, Country Manager/Director (Malaysia) Straits Interactive Pte Ltd. and
Leong Wai Chong, CIPM, GRCP
Photo by Chris Montgomery on Unsplash, Background photo created by www.slon.pics
The views and opinions expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEXNetwork.