Based on IDC’s InfoBrief Data Risk Management Barometer – Gauging Asia Pacific’s Potential findings for Dell EMC, it reveals the severity of financial penalties for non-compliance with data privacy legislation across key markets of Asia Pacific and Japan (APJ).
The global market intelligence firm highlights Singapore, Australia, and Hong Kong as the top markets that incur the harshest penalties for data breaches as a percentage of the country’s gross domestic product (GDP).
Meanwhile Japan, India and Thailand are at the bottom of the scale.
With that said, new threats are emerging each day, regulation and legislation are becoming harsher to ensure organisations handle data responsibly.
Measuring legislation and penalties for data breaches, the IDC InfoBrief exposes large scale differences in penalties across fourteen APJ markets.
It underscores the importance for businesses, particularly multinationals, to be aware of the variations in data privacy laws for each market in which they operate.
While in Malaysia, the maximum penalty that may be imposed for breaching data privacy is RM300,000.
Enforcement within other APJ markets are hugely varied: the Singapore government imposes fines of up to SGD1,000,000 for non-compliance with any of its data protection provisions, while Australia imposes fines of up to AUD1,700,000.
Japan and India levy the lowest fines at JPY1,000,000 and INR500,000, respectively, for any breaches in data privacy. As more organisations across the region become digitally-driven, this will increasingly become a higher priority.
“Being data-driven is inevitable for organisations that are transforming digitally, businesses are realising the opportunity using data effectively offers to transform their products, services and strategies.
“But as they use data to take advantage of new opportunities, there is also greater risk – the attack surface is expanding and so too are the requirements for how you manage this data,” says Dell EMC Specialty Sales, Asia Pacific & Japan VP Dmitri Chen.
He adds that this makes building scalable secure IT environments and optimising infrastructure an unavoidable requirement for organisations today.
At the same time, the IDC barometer highlights how regulatory changes present an opportunity for businesses to drive improved data management.
IDC Asia Pacific IT Security Practice Business VP Simon Piff says, “Data privacy regulations are an impetus for the development of better data management strategies, for example, it is exacerbating the data protection gaps in existing backup infrastructure. Over time, more countries in the region will take proactive steps to strengthening critical information infrastructure, and the European Union General Data Protection Regulation will further galvanise this.”
As regulations evolve to reflect changes in the threat landscape, the IDC InfoBrief identifies three key areas of good data management to minimise risk: security, privacy, and business continuity.
Security has to ensure that data is safely captured and stored, with data integrity. Privacy has to ensure that personal identifiable information carries the levels of security, accessibility and ability to be deleted, as defined by the various legislations.
Business continuity and risk management planning should also facilitate access to data at all times.
SO, IT infrastructure considerations must prioritise these areas in order to ensure compliance.