The European Union’s General Data Protection Regulation (GDPR) came into effect on 25th May 2018. The GDPR also affects Malaysian entities that process data concerning EU nationals, according to Dr. Jasmine Begum, Microsoft Malaysia’s Director of Legal and Corporate Affairs and New Market.
She said this during the recent Insights on GDPR and PCI DSS workshop, where she shared Microsoft’s experience as the multinational corporation went about ensuring that its products – as well as its own internal data-handling practices – were GDPR compliant. The workshop was organised by Malaysia Digital Economy Corporation (MDEC), and hosted at the premises of leading cybersecurity company LGMS at its Asia Cybersecurity Exchange centre.
“The difference between GDPR and Malaysia’s Personal Data Protection Act (PDPA) is that the GDPR standards are higher, and it requires enterprises to look at 4 big areas,” Dr. Begum explained. Two major areas deal with privacy and security, with major penalties to ensure compliance, and an obligation to report any data breaches within 72 hours of discovery.
Dr. Begum pointed out that in this always-connected world, concerns about data portability and data erasure are on the rise. “Can cloud service providers prove to me that you have erased the data? This is a question that always comes up.”
More fundamental was ensuring that organisations had a clear idea of all the sources of data within the organisation. Dr. Begum stressed that this did not apply only to digital data, but also paper-based records. “This is something that people in the financial services sector, particularly banking, need to start considering.”
Data protection is also known as data privacy or information privacy.
Article from computerworld.
You may also find other interesting LGMS News at the following links: