Crucial for businesses to comply with new rules

By JEONG CHUN PHUOC - July 14, 2018 @ 9:05am

Small- and medium-sized enterprises are in the dark about European Union’s new data law, the General Data Protection Regulation. REUTERS PIC

The new European Union data law — General Data Protection Regulation (GDPR) — requires Malaysian businesses (and any other businesses) to comply with a stricter set of data protection requirements when doing business within the EU region.

Unfortunately, those in the small- and medium-sized enterprise sector, and the majority of stakeholders, especially Malaysian SMEs, are in the dark about GDPR. This has triggered a global ripple effect since its enforcement.

Malaysian businesses’ dealings within the EU community require a new data policy on the compliance menu bar. But, many do not know how to effectively incorporate GDPR into their human resources and management framework and practices.

In the EU region, data protection is a serious matter. It is a fundamental right. GDPR is the new framework for protecting that right. It represents a positive framework for users, enabling Europeans to take back control of their personal information.

Case studies have shown the gravity of GDPR. Anchor social network platform players, such as Facebook, Twitter and Instagram, have begun to take measures to actively inform users in the region of modifications on the “user terms” so that users can comply with the regulations.

Protection of privacy is now a worldwide concern. Reportedly, Facebook was recently fined £500,000 (RM2.6 million) for data breaches in the Cambridge Analytica scandal. According to The Guardian, the fine is for two breaches of the Data Protection Act. The Information Commissioner’s Office concluded that Facebook failed to safeguard users’ information and failed to be transparent about how that data was harvested by others.

In Malaysia, Astro, the broadcasting television network for example, was reported to have lodged two police reports on media reports of an alleged data leak involving their customers’ data.

What about United States companies doing businesses in Malaysia and the Asean Economic Community? How will GDPR affect them?

It is still not clear if US firms will comply with the new GDPR. GDPR requires that clear consent is needed for use of personal data, and that such consent must be given freely, specifically, informed and unambiguous.

The Malaysian Communications and Multimedia Commission (MCMC) is believed to have stepped up enforcement pursuant to the Personal Data Protection Act (PDPA) 2010 on users of personal data in the country and the classes of users.

It is crucial for MCMC to re-look the provisions under PDPA and revise them in line with GDPR. PDPA may require enhancement in certain aspects to comply with GDPR requisites, especially in terms of governance and clarity.

Businesses and stakeholders must take note of the stricter GDPR template to protect, enhance and promote a higher degree of governance, ethics and integrity in the online global e-marketplace.

JEONG CHUN PHUOC

Shah Alam, Selangor