lines of codes on a computer

There is a huge disparity in the amount of financial penalty businesses have to pay for in each country, for non-compliance of legislation for data privacy and protection. Source: Unsplash

Asia can’t agree on data protection measures, says new report

Data protection should be uniform across the world, or at least across a certain region, for the benefit of citizens and organizations.

A recent DellEMC/IDC report Data Risk Management Barometer – Gauging Asia-Pacific’s Potential reviewed financial penalties on non-compliance with data privacy legislation in each country. The disparity that was discovered was alarming, according to analysts.

Results are highly varied. The Singapore government, for example, imposes a penalty of SGD1 million (approx. US$760,000) for failing to comply with its data protection provisions, while Thailand isn’t known to impose any penalties at all.

The report looked at 14 countries across Asia: Singapore, Australia, Hong Kong, Indonesia, Malaysia, Philippines, Taiwan, New Zealand, Korea, Vietnam, China, Japan, India and Thailand.

The financial penalty imposed isn’t an amount comparison, rather it is calculated as a percentage of the country’s GDP. Below is the full ranking:

Summary of IDC’s findings.

One of the reasons for the disparity is the lack of a unified agreement on what sanctions should be imposed. Unlike the European Union’s General Data Protection Regulation (GDPR), there are no similar policies for the Asia Pacific region.

However, with regulators taking steps to enforce compliance of new and upcoming regulations, organizations will require more robust data governance and security management strategies to address how data is captured and stored, or potentially risk financial penalties for non-compliance

Simon Piff, Vice President, IDC Asia Pacific’s IT Security Practice Business, said:

Data privacy regulations are an impetus for the development of better data management strategies, for example, it is exacerbating the data protection gaps in existing backup infrastructure. Over time, more countries in the region will take proactive steps to strengthening critical information infrastructure, and the European Union General Data Protection Regulation will further galvanise this.

IDC also found that the most immediate priority for C-suite executives is to build more secure IT environments, simplifying and improving IT infrastructures within the organization, and enabling business innovations – all at the same time.

That is a challenge CXOs face as they juggle other priorities such as competing with new tech-driven business models and unforeseen business disruption.

The bottom line is, for organizations doing business in Asia, spending resources to understand the legislation is critical as it helps build the IT infrastructure for compliance.