In this edition, we feature Louis Tan who works in Experian and plays a key role in AsiaDPO, non profit organisation representing the views of DPOs to the local regulator
I am currently working in Experian, a Global Multi-National Corporation. I am dealing in data protection / data privacy as part of my job role. I am also presently the Secretary for AsiaDPO (Asia Data Protection Officers) a non-profit organisation.
Spotlight on... Louis Tan from AsiaDPO, an expert group representing DPOs
The group acts as a connection point for AsiaDPO members to communicate and build rapport with privacy and data protection regulators in Asia; and collectively, we collaborate with leaders of the business community, associations, academia, or any other groups or bodies interested in the advancement and development of privacy and data protection in Asia.
To join, you must be the DPO of your organisation or hold a substantially equivalent portfolio relating to data governance/privacy/data protection, your organisation must have a Singapore or Asia Pacific Presence and you must generally be able to attend AsiaDPO meetings in person.
Sometime between 2012 to 2013, I saw emerging trends of data protection / data privacy rising across in the EU, US and in some parts of Asia (specifically Singapore). This spurred me to switch my role from Compliance in the Financial Industry to join Data Protection / Data Privacy Industry.
I have so far obtained an Advanced Certificate in Data Protection in Operational Excellence from SMU Academy, where Straits Interactive is a Programme Partner. I am still continuing with the other courses conducted by Straits Interactive-DPEX Network. The courses conducted by Straits Interactive-DPEX Network are well above industry standards. Very operational related and dealing with real life situations. The trainers and the course materials have a very pragmatic approach. Very easy to relate to the course intended purpose and outcome. It gives extra knowledge (not just reading) but real hands on materials and situations for class interactions which involve personal and group studies.
My current job role is in Regional Governance in APAC. One of the key areas of my role involves in Data Protection and Data Privacy. This is on top of Enterprise Risk Management, Compliance, Information Security, Information Technology, BCP, Third Party Risk Management, and managing first line of defence in the business.
A Data Protection Management Programme (DPMP) is aimed at creating a data protection infrastructure to help organisations. It includes policies, procedures and processes which is encapsulated within a Risk Management framework. DPMP is to identify various data protection risks, how to handle and manage personal data in the organisation. DPMP also aims to define clear roles and responsibilities across all levels in the organisation, and expecting clear accountability being displayed from the CEO down to every employee in the organisation.
I will term DPMP as a fundamental framework that must include Risk Management. The purpose of DPMP is to demonstrate and articulate the organisation's ability to manage and handle data protection.
Critically, having a DPMP in the organisation can only lead to positive credence to its image, promotes positive confidence to their own management and also gives assurance to the regulators. DPMP creates real high tangible value to the shareholders and critically, creates real and positive meaningful trust-relationships with clients and business partners which is a win-win situation in all aspects.
I will strongly encourage readers to follow our Singapore PDPC and other Data Protection Regulators' enforcement actions in Asia and also in the EU. In Singapore, the limelight has been on the breach of the Protection and Accountability obligations. In the EU, there is an increased traction in enforcing GDPR against organisations that failed to comply with its obligations. In the US, the CCPA in California is one that needs more reading on its possible impacts as well. I will also strongly encourage readers to read and understand the findings and basis of the determination and lastly, the Commissioner's direction in each of the enforcement actions. All these have an impact on why data protection and data privacy is so key important to any organisation.
I strongly recommend anyone who has an interest in data protection / data privacy to take and complete all the certifications and international certifications conducted by Straits Interactive-DPEX Network. It is important to continue to learn and bring value to the work that you are doing and be recognised in the field of Data Protection / Data Privacy.
For those who are still considering and undecided whether to embark on a data protection / data privacy journey, my advice is to go for the Practical Approach to Data Protection course conducted by Straits Interactive at SMU Academy. This will give you a better perspective and basic understanding on the importance of Data Protection / Data Privacy.
Straits Interactive-DPEX Network is probably the best training and consultancy firm in the market that I have encountered so far. I have learned so much from the trainers and also from the participants. It is important that the trainers are always more than ready to share, guide and are keen to make you succeed. This is their winning edge which sets them apart from the others.
By - Leong Wai Chong (GRCP)
Get access to news, enforcement cases, events, and actionable tips and guides
Get regular email updates and offers
Job opportunities, mentorship and career guidance
Exclusive access to Data Protection community - ask questions, network and share knowledge with peers and experts via WhatsApp and Linkedin
DPEX Network is a Community Initiative of Straits Interactive.
Copyright © Straits Interactive Pte Ltd. All Rights Reserved.
All intellectual property rights to logos and brands featured on this website remain the property of their respective owners.