The EU's General Data Protection Regulation (GDPR) will be a year old on 25 May 2019.
The Minister for Communication & Multimedia was quoted to have said on 20 March 2019 that the government is looking at reviewing the existing PDPA and to “streamline it with international requirements of personal data protection”, particularly in conjunction with the EU’s General Data Protection Regulation (GDPR).
We do hope in its streamlining efforts, the Minister do evaluate and assess the effectiveness of the GDPR since its introduction a year ago specifically in the following areas:
since its introduction, has it changed how businesses handled data?
did it 'wake-up' organizations to treat their duties of care for personal information more seriously?
did the organisations prepared for the GDPR by merely updating the terms and conditions on their websites, creating data inventories and retention policies, and updating access controls but did not really delve into the depth of it i.e complying with it without meaningful implementation?
did it raised awareness amongst consumers on their rights regarding the personal data that is being collected and processed about them?
what were the financial repercussions to the organisations or businesses whose data was breached since its introduction?
how stringent were the regulators in punishing infractions?
We believe by having a better and deeper understanding of the above, it would help the country in its efforts and also streamlined it along the proposed National Cybersecurity policy that the government will be rolling out in the near future.