Spotlight On – Seha Yatim, Snr Policy Manager, APAC.

Please share with us your background (The organisation you work, your role, especially in relation to Data protection)

I am a consultant at Access Partnership, the world’s leading technology policy consulting firm. I advise clients on the developments of data privacy regulations in the region, assess the impact on their operations, and support their engagement with the data protection authorities.

How is it that you got interested in data privacy/protection? When did you first get involved and exposed to the importance of data privacy?

I became interested in data privacy work in 2017. After the passing of the GDPR in 2016, the APAC region became more interested in the issue of privacy and regulators started to build their own privacy frameworks. I also co-drafted the report on Regional Privacy Frameworks that compares international privacy frameworks and the regulations in the APAC region. I enjoy the work around this issue as is transboundary and have a significant impact on all types of businesses, as well as consumers.

What data privacy courses did you take from Straits Interactive/DPEX Network and why? How was that different from other courses you took? (If you do not mind, this can be input for our testimonial as well)

I took the CIPP/A training course with Straits Interactive before sitting for the examination. I value the network gained through the Straits. We can continue to bounce ideas and questions with the instructors and course mates. This is important given that privacy policies implementation are still evolving.

How is Data Protection knowledge useful for the sector you are working in?

Data protection knowledge is important in helping me assess the impact on clients and advising them on the internal policies or positions they can take on data policies. At the same time, the understanding of data protection helps facilitates discussion with regulators and can help with consensus-building efforts.

What practical advice would you offer to those wanting to implement a data protection management programme in their organisation? Any interesting case, experience, or scenarios to share for readers to get more insights into data privacy?

It is important to get buy in from senior management. Their involvement can help an organisation determine their data protection goals, unite different units to work together, and allocate resource efficiently to address the highest priorities. Not getting senior management buy in makes it difficult for a data protection officer to achieve his goals as data protection may be deemed as a “cost center” rather than a strategic value.  

What advice do you have for others?

It is never too late to start building up on your data protection knowledge. Taking courses could be the first step. For those who are implementing data protection management programmes, it would be useful to highlight the impact on the business, whether it is avoiding potential fines that can be imposed or gaining consumer trust to stand out from competitors.