The date all data protection compliance project teams in Singapore have been waiting for has been announced. July 2, 2014, is D-Day when Personal Data Protection Act will come into effect and when organizations will need to complete data inventory mapping, process audits, staff training, and publication of various processes.
Small and midsize businesses (SMBs) will be glad to note that several tools and trainings have been introduced by the PDPC (Personal Data Protection Commission) to aid the process, while larger organisations have slightly more than 13 months to finish their data compliance projects.
Most projects should take around 9 months so it is time to batten down the hatches and roll up those sleeves. Another point to note is that the more competent consultants in the industry will likely be snapped up so organizations should act quickly to secure such resources if they should require them.
There is very significant effort involved in data mapping, and the bigger an organization, the more data to map. The same goes with mature organizations--one can never tell where all the skeletons in the closets are. Similarly, process audits needed to sync across business units and different offices may involve process re-engineering and relearning by staff members. Organizations should not underestimate this task.
A significant milestone in Singapore's data protection drive has been reached. In the same week, the government announced it would enhance information-sharing with other countries to prevent cross-border tax evasion, coming on the back of the ICIJ's "wikileaks" sized expose of the use of shell companies.