Spotlight on... Louis Tan from AsiaDPO, an expert group representing DPOs

2020-03-23
Article Banner

In this edition, we feature Louis Tan who works in Experian and plays a key role in AsiaDPO, non profit organisation representing the views of DPOs to the local regulator


Please share with us your background

I am currently working in Experian, a Global Multi-National Corporation. I am dealing in data protection / data privacy as part of my job role. I am also presently the Secretary for AsiaDPO (Asia Data Protection Officers) a non-profit organisation. 


Can you tell us more about AsiaDPO and what they do?

Spotlight on... Louis Tan from AsiaDPO, an expert group representing DPOs

The group acts as a connection point for AsiaDPO members to communicate and build rapport with privacy and data protection regulators in Asia; and collectively, we collaborate with leaders of the business community, associations, academia, or any other groups or bodies interested in the advancement and development of privacy and data protection in Asia.


Can anyone join AsiaDPO?

To join, you must be the DPO of your organisation or hold a substantially equivalent portfolio relating to data governance/privacy/data protection, your organisation must have a Singapore or Asia Pacific Presence and you must generally be able to attend AsiaDPO meetings in person. 


How did you get interested in data privacy/protection? When did you first get involved and exposed to the importance of data privacy/protection?

Sometime between 2012 to 2013, I saw emerging trends of data protection / data privacy rising across in the EU, US and in some parts of Asia (specifically Singapore). This spurred me to switch my role from Compliance in the Financial Industry to join Data Protection / Data Privacy Industry. 


What data privacy courses did you take from DPEX Network and why? How was that different from other courses you took?

I have so far obtained an Advanced Certificate in Data Protection in Operational Excellence from SMU Academy, where Straits Interactive is a Programme Partner. I am still continuing with the other courses conducted by Straits Interactive-DPEX Network. The courses conducted by Straits Interactive-DPEX Network are well above industry standards. Very operational related and dealing with real life situations. The trainers and the course materials have a very pragmatic approach. Very easy to relate to the course intended purpose and outcome. It gives extra knowledge (not just reading) but real hands on materials and situations for class interactions which involve personal and group studies.


What is your current job role? Which privacy functions are you involved in?

My current job role is in Regional Governance in APAC. One of the key areas of my role involves in Data Protection and Data Privacy. This is on top of Enterprise Risk Management, Compliance, Information Security, Information Technology, BCP, Third Party Risk Management, and managing first line of defence in the business. 


What practical advice would you offer to those wanting to implement a data protection management programme in their organisation?

A Data Protection Management Programme (DPMP) is aimed at creating a data protection infrastructure to help organisations. It includes policies, procedures and processes which is encapsulated within a Risk Management framework. DPMP is to identify various data protection risks, how to handle and manage personal data in the organisation. DPMP also aims to define clear roles and responsibilities across all levels in the organisation, and expecting clear accountability being displayed from the CEO down to every employee in the organisation.

I will term DPMP as a fundamental framework that must include Risk Management. The purpose of DPMP is to demonstrate and articulate the organisation's ability to manage and handle data protection.

Critically, having a DPMP in the organisation can only lead to positive credence to its image, promotes positive confidence to their own management and also gives assurance to the regulators. DPMP creates real high tangible value to the shareholders and critically, creates real and positive meaningful trust-relationships with clients and business partners which is a win-win situation in all aspects.


Any interesting case, experience or scenarios to share for readers to get more insights into data privacy?

I will strongly encourage readers to follow our Singapore PDPC and other Data Protection Regulators' enforcement actions in Asia and also in the EU. In Singapore, the limelight has been on the breach of the Protection and Accountability obligations. In the EU, there is an increased traction in enforcing GDPR against organisations that failed to comply with its obligations. In the US, the CCPA in California is one that needs more reading on its possible impacts as well. I will also strongly encourage readers to read and understand the findings and basis of the determination and lastly, the Commissioner's direction in each of the enforcement actions. All these have an impact on why data protection and data privacy is so key important to any organisation.


What advice do you have for others?

I strongly recommend anyone who has an interest in data protection / data privacy to take and complete all the certifications and international certifications conducted by Straits Interactive-DPEX Network. It is important to continue to learn and bring value to the work that you are doing and be recognised in the field of Data Protection / Data Privacy.

For those who are still considering and undecided whether to embark on a data protection / data privacy journey, my advice is to go for the Practical Approach to Data Protection course conducted by Straits Interactive at SMU Academy. This will give you a better perspective and basic understanding on the importance of Data Protection / Data Privacy.


Any final words or thoughts?

Straits Interactive-DPEX Network is probably the best training and consultancy firm in the market that I have encountered so far. I have learned so much from the trainers and also from the participants. It is important that the trainers are always more than ready to share, guide and are keen to make you succeed. This is their winning edge which sets them apart from the others. 


By -  Leong Wai Chong (GRCP)



Unlock these benefits
benefit

Get access to news, enforcement cases, events, and actionable tips and guides

benefit

Get regular email updates and offers

benefit

Job opportunities, mentorship and career guidance

benefit

Exclusive access to Data Protection community - ask questions, network and share knowledge with peers and experts via WhatsApp and Linkedin

Topics
Related Articles