The need for corporate data compliance for data-driven businesses

Today’s competitive markets have driven many companies to go all-in with digital technologies in the quest to glean better business insights and gain greater agility. In Asia Pacific, we are seeing the pace of digitalization increase, driven by the desire for customers to receive an increasingly personal experience and the rapid pace of innovation required in order to compete. By 2022, IDC predicts that the digital economy will go mainstream with at least 50 percent of Asia/Pacific GDP coming from digital products and services.

Despite unforeseen setbacks from recent trade conflicts in Asia and the outbreak of COVID-19, organizations everywhere continue to harness the power of data to overcome these obstacles and gain a competitive advantage. Many continue to sift through growing mountains of data every single day, stored in an increasingly diverse number of locations in and out of the cloud. With the recent lockdowns across the world, hybrid multicloud strategies have never been more important, both to deliver organizational services into workers' homes and to provide service continuity to consumers and clients.

However, even in the current world environment, rising numbers of data breaches and leaks of personal information continue to plague many organizations as technology becomes integral to success. With cyber incidents – including data breaches – now ranked as the most serious business risk globally, corporate data policy compliance has become one of the most important conversations today.

Customers across Asia Pacific have come to expect organizations, large and small, to comply with modern-day privacy regulations and be responsible for preventing unnecessary disclosure or loss of their personal data. It has also become common for consumers to want brands to assure them that the brand's data management and privacy policies will protect their privacy.

To protect individuals from the perils of data misuse, many countries have set up new data privacy regulations that govern what can and can’t be done with personal data. Customers, especially those covered by Singapore’s Personal Data Protection Act (PDPA) and the EU’s General Data Protection Regulation (GDPR), can even request to see the complete list of personal data an organization holds, and have the right to request changes to or complete deletion of that data. Failure to comply could lead to hefty financial penalties. For instance, 26 companies in Singapore have been fined a total of S$1.28 million as of August last year for breaching PDPA, which is a record high since the Act came into effect in 2016. GDPR also imposes fines on a sliding scale measured by the organization’s global revenues, and we have seen some record fines issued to organizations around the world for alleged breaches of this policy.

Besides the financial implications, data privacy breaches could also lead to the loss of customer trust and confidence in a brand – resulting in long-term damage for the company. A recent study found that ASEAN businesses lost an average of US$2.62 million last year to data breaches, up from US$2.53 million in 2018. The cost includes detection, escalation, notification, as well as lost business due to business disruption, customer turnover, reputation loss, and diminished goodwill. Moreover, such incidents can cause the average share price of a company on Wall Street to fall by 7.27 percent on disclosure, with low share value and growth underperformance a reality for years afterward.

Despite the clear need for corporate data compliance, many Asia Pacific organizations today are ill-prepared to cover their data compliance obligations. The situation is potentially more dire for companies further along in their digital journey who employ hybrid multicloud strategies, embracing the agility that these strategies provide with little thought for their compliance obligations. For them, compliance becomes an even more challenging objective as data is now spread across borders in many data centers around the world. With each country having its own national and regional privacy regulations, each with its own set of rules about data residency and transfer, ensuring compliance across borders is no easy feat.

Organizations have traditionally addressed these compliance concerns with legacy mechanisms like regular expression mapping, which uses human-maintained pattern matching, or other basic data identification methods. However, these mechanisms cannot scale fast enough, or deliver the required accuracy, for the immense volume of data and the increasing complexity of the architectures leveraged by many organizations. Existing pattern-matching compliance solutions have become cumbersome to manage and outdated.

To ensure and simplify compliance, organizations need to take a privacy-by-default approach to data storage, which can be achieved by investing in modern tools that provide visibility and control over their cloud-based deployments. Such tools should help organizations comply with data retention laws, and importantly they must effectively support right-to-be-forgotten requests and the increasingly diverse range of compliance requirements across the globe.

Thankfully, solutions built using machine learning (ML) and artificial intelligence (AI) are now able to help compliance specialists address today’s complex compliance problems, due to their ability to process information and identify compliance risks faster and with more accuracy and efficiency than traditional methods. Apart from being able to pivot rapidly and adopt new compliance requirements with very little training, ML models can, for example, identify personally identifiable information at 90 percent or better success rates in a far shorter time and with far less human interaction than any other methodology on the market.