Bridging the PDPA Talent Gap
At BeathChapman, our Legal, Risk and Compliance division focuses solely on helping our broad range of clients find the right talent for their in-house functions. With the recent global financial crisis, and resulting changes in regulations, we have noticed an increased demand specifically for risk management and compliance experience. Clearly, the regulatory environment is becoming more complex and stringent, with the most recent one being the Personal Data Protection Act (PDPA) that many companies have been concerned with.
Singapore passed the PDPA in January 2013, and organisations are required to comply early next month (July 2014); therefore, this is having the most significant impact in the legal and compliance sector today. The bill aims to prevent private organisations from misusing personal data, and will be enforced by a regulatory body and financial penalties.
According to Omar Malik, Head of E-learning Sales with Thomson Reuters, “It was expected that Singapore would tighten its data protection regulations. The regulators here are quite progressive in ensuring the right regulations are in place, and having a Data Protection Act is the right move.” Malik continued, “The amount of personal data being collected these days is massive. Quite often the data is passed on to third parties, so having strong regulation in this area will be welcomed by consumers.”
There are two key components to the PDPA:
- ‘Do-Not-Call’ registry: Signing up allows members of the public to block telemarketing calls, SMS’s and faxes. The DNC registry opened for sign up in December of 2013, and by April had 595,000 local numbers.
- Personal Data Protection Commission (PDPC): An enforcement agency tasked with regulating the management of personal data by businesses and imposing financial penalties when organisations do not abide by the new regulations. Companies found to have violated the data protection rules may be fined up to $10,000 per customer complaint, or if an organisation is found to be non-compliant, the PDPC may impose a maximum financial penalty of $1 million.
Previously, it was most likely a marketing decision to determine whom to contact regarding the latest company sale or promotion, but with severe financial penalties as a possible consequence, this is increasingly becoming a boardroom issue. Many companies, particularly financial institutions, are now ramping up efforts to ensure that policies and procedures comply with the new upcoming regulations. One of the main challenges faced by companies with regard to the PDPA is the lack of talent familiar with this area, so what can companies do to ensure they are in the clear?
- Look to professionals in the regulatory space, i.e. regulatory compliance, IT governance/ risk and those handling programme/ project management, as it will be easy for them to pick up and apply PDPA knowledge;
- Target expats from countries where these regulations have existed previously. The PDPA was first passed in the UK in 1984, so companies could look there for expertise, or to Asian countries where the act was passed prior to Singapore, such as Hong Kong.
- Hire a consultant to provide expertise on PDPA and to help your organisation understand the regulations and your obligations;
- Educate the frontline. Companies should look to educate their compliance employees on these new regulations. The PDPC is currently drafting sector specific guidelines, in addition to running courses on the key points of the PDPA. Companies like Thomson Reuters also offer their clients a comprehensive off-the-shelf e-learning course on Singapore PDPA.
The bottom line is that compliance continues to evolve as the business environment we are all operating in becomes more complicated. Omar Malik stated, “The act is still very new, so the organisations affected by this regulation are still evolving their processes to ensure compliance. The funding that companies allocate to this area is only going to increase over time.”
To candidates in the legal and compliance space, we would encourage you to familiarise yourself and keep abreast of the new regulations – educate yourself. To clients with this need, we would let you know that if you are lucky enough to find existing expertise in the market, you should be prepared to pay a premium for that knowledge.