CRU­CIAL FOR BUSI­NESSES TO COM­PLY WITH NEW RULES

New Straits Times - - LETTERS - JEONG CHUN PHUOC Shah Alam, Se­lan­gor

THE new Euro­pean Union data law — Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR) — re­quires Malaysian busi­nesses (and any other busi­nesses) to com­ply with a stricter set of data pro­tec­tion re­quire­ments when do­ing busi­ness within the EU re­gion.

Un­for­tu­nately, those in the small- and medium-sized en­ter­prise sec­tor, and the ma­jor­ity of stake­hold­ers, es­pe­cially Malaysian SMEs, are in the dark about GDPR. This has trig­gered a global rip­ple ef­fect since its en­force­ment.

Malaysian busi­nesses’ deal­ings within the EU com­mu­nity re­quire a new data pol­icy on the com­pli­ance menu bar. But, many do not know how to ef­fec­tively in­cor­po­rate GDPR into their hu­man re­sources and man­age­ment frame­work and prac­tices.

In the EU re­gion, data pro­tec­tion is a se­ri­ous mat­ter. It is a fun­da­men­tal right. GDPR is the new frame­work for pro­tect­ing that right. It rep­re­sents a pos­i­tive frame­work for users, en­abling Eu­ro­peans to take back con­trol of their per­sonal in­for­ma­tion.

Case stud­ies have shown the grav­ity of GDPR. An­chor so­cial net­work plat­form play­ers, such as Face­book, Twit­ter and In­sta­gram, have be­gun to take mea­sures to ac­tively in­form users in the re­gion of mod­i­fi­ca­tions on the “user terms” so that users can com­ply with the reg­u­la­tions.

Pro­tec­tion of pri­vacy is now a world­wide con­cern. Re­port­edly, Face­book was re­cently fined £500,000 (RM2.6 mil­lion) for data breaches in the Cam­bridge An­a­lyt­ica scan­dal. Ac­cord­ing to The Guardian, the fine is for two breaches of the Data Pro­tec­tion Act. The In­for­ma­tion Com­mis­sioner ’s Of­fice con­cluded that Face­book failed to safe­guard users’ in­for­ma­tion and failed to be trans­par­ent about how that data was har­vested by oth­ers.

In Malaysia, Astro, the broad­cast­ing tele­vi­sion net­work for ex­am­ple, was re­ported to have lodged two po­lice re­ports on me­dia re­ports of an al­leged data leak in­volv­ing their cus­tomers’ data.

What about United States com­pa­nies do­ing busi­nesses in Malaysia and the Asean Eco­nomic Com­mu­nity? How will GDPR af­fect them?

It is still not clear if US firms will com­ply with the new GDPR. GDPR re­quires that clear con­sent is needed for use of per­sonal data, and that such con­sent must be given freely, specif­i­cally, in­formed and un­am­bigu­ous.

The Malaysian Com­mu­ni­ca­tions and Mul­ti­me­dia Com­mis­sion (MCMC) is be­lieved to have stepped up en­force­ment pur­suant to the Per­sonal Data Pro­tec­tion Act (PDPA) 2010 on users of per­sonal data in the coun­try and the classes of users.

It is cru­cial for MCMC to relook the pro­vi­sions un­der PDPA and re­vise them in line with GDPR. PDPA may re­quire en­hance­ment in cer­tain as­pects to com­ply with GDPR req­ui­sites, es­pe­cially in terms of gov­er­nance and clar­ity.

Busi­nesses and stake­hold­ers must take note of the stricter GDPR tem­plate to pro­tect, en­hance and pro­mote a higher de­gree of gov­er­nance, ethics and in­tegrity in the on­line global emar­ket­place.

Newspapers in English

Newspapers from Malaysia

© PressReader. All rights reserved.