On the 28th May 2018, the General Data Protection Regulation (GDPR) changed the data privacy landscape forever. What most organisations failed to grasp when the regulation came into force, was that GDPR should not have been viewed as a burden or to have been treated as a tick-box exercise. It was an opportunity to extract mandatory regulatory budget and use it to elevate and transform organisations’ data capabilities. Turning the 4% of the global turnover stick into the carrot to lead the organisations’ data journeys forward.

In my fourth post, I look at Singapore’s Personal Data Protection Act (PDPA). It broadly aligns with standards in other global legislation, albeit with some crucial differences such as control and access requests as opposed to the right to be forgotten, and Singapore’s limitations on transferring personal data overseas. Organisations face significant financial and reputational risk if they don't comply with PDPA and therefore need an effective data management solution to ensure they can track the personal data they have, what they are doing with it and how it moves through their systems.