Sia Partners APAC Personal Data Privacy and Protection Survey

The generation and collection of massive amounts of data essentially increase the complexity of data privacy and security, and the implementation of an effective data privacy program is emerging as a top concern and priority for organizations as a result of heightened regulatory pressure and increased awareness among consumers.  

The 2024 Sia Partners APAC Personal Data Privacy and Protection Survey of data professionals from 30 institutions across 10 jurisdictions and 6 industries shows an increased awareness about the importance of data protection and privacy,  100% of the participants have a data privacy policy in place to ensure that the processing of personal data complies with various obligations such as notification obligation, purpose limitation obligation, consent obligation, etc. 

Nonetheless, the latest survey finds organizations face many of the same challenges in building a regional Data Privacy program: 

1. Fast-Evolving Regulatory Landscape 

   • 80% of respondents indicate the fast-evolving regulatory landscape as the biggest challenge, and among which, 50% of them are monitoring and tracking the latest regulatory changes using traditional manual methods. 

2. Data Localization and Cross-Border Data Transfer Requirements 

   • 80% of respondents indicate data localization and cross-border data transfer requirements as the second biggest challenge, of these, 70% collect personal data from multiple jurisdictions and transfer it to locations outside the jurisdiction where the data was initially collected. 

3. Technical Knowledge in Implementing Data Security Control and Dealing with Cyber Threats 

   • More than 60% of respondents indicate technical knowledge in implementing data security control and dealing with cyber threats as the third biggest challenge, among these respondents, more than 70% cited a lack of knowledge about effective measures as the greatest barrier to adopting privacy-enhancing technologies (PET)." 

Sia Partners recommends the following actions to overcome the common challenges in building an effective data privacy program: 

1. Adopting an External or Internal Regulatory Watch Tool 

   • Given the increasing volume and complexity of regulatory requirements, it has become difficult to manage regulatory requirements using traditional manual methods. Organizations can leverage external or internal regulatory watch tools in monitoring, identifying, and assessing rapidly evolving requirements related to data protection that may impact the organization. 

2. Working with Expertise to Translate Regulatory Requirements to Specific Internal Guidelines 

   • Organizations encounter difficulties in determining which categories of data need to be locally stored and which can be moved abroad due to diversified requirements across jurisdictions and sectors. It is key to work with experts in assessing the varying cross-border data transfer measures and requirements outlined by the local authorities and translate them into a detailed roadmap with key action items to be implemented, to ensure meeting regulators’ expectations.  
       

3. Investing in Training and Development 

   • To address the knowledge and skills gap in existing talents, organizations should prioritize training and development to stay updated with the latest knowledge and techniques essential for effective defence against cybersecurity threats. 

Sia Partners offers a wide range of services to help our clients understand and manage the evolving data privacy risks. We understand the challenges companies face in the Data Privacy management life-cycle and are actively helping them to address these 5 key areas: 

1. Maturity Assessment: We assist organizations in conducting a data privacy maturity assessment and set out comprehensive compliance roadmaps to achieve organizational goals. 
2. Implementation Support: We help our clients to implement data privacy roadmaps at global and regional levels, including roll-out data privacy by design, data breach notification mechanism and established data governance.  
3. Training Support: We deliver tailored and impactful data privacy training & awareness solutions that cover the latest trends and interpretation of the fast-changing data privacy regulation.  
4. Data Protection Audit: We carry out independent audit procedures on how organizations can monitor operational practices, handle inquiries & complaints and manage third-party risks.  
5. Data Protection Officer (DPO) Support: We provide guidance to management and act as the single contact point when communicating with third parties on how their personal data is used and what measures are implemented to protect them.  

Sia Partners also assists our clients to perform the Cross Border Data Transfer compliance analysis and implementation: 

1. Data Strategy: We support companies in formulating overall data strategy for each third-party destination to accommodate their business development plan  
2. Navigate the ever-changing regulatory landscape: We help to assess the varying cross-border data transfer measures and requirements outlined by local authorities and translate them into a detailed roadmap with key action items to be implemented, to ensure meeting regulators’ expectations.  

Our team of experts have worked closely with many leading players in the industry and has extensive experience in the topic of data protection, data privacy and cybersecurity, we are confident to help our clients navigate any issues in relation to these topics.