IDC report commission by Dell EMC Reviews Financial Impact of Data Privacy Breaches for APJ Organisations

An IDC InfoBrief, Data Risk Management Barometer – Gauging Asia-Pacific’s Potential, by global market intelligence firm IDC for Dell EMC reveals the severity of financial penalties for non-compliance with data privacy legislation across key APJ markets. Released today, the IDC findings highlight Singapore, Australia, and Hong Kong as the top markets that incur the harshest penalties for data breaches as a percentage of the country’s gross domestic product (GDP), while Japan, India and Thailand are at the bottom of the scale.

With new threats emerging each day, regulation and legislation are becoming harsher to ensure organisations handle data responsibly. Measuring legislation and penalties for data breaches, the IDC InfoBrief exposes large scale differences in penalties across fourteen APJ markets. It underscores the importance for businesses, particularly multinationals, to be aware of the variations in data privacy laws for each market in which they operate.

In Malaysia, the maximum penalty that may be imposed for breaching data privacy is MYR300,000. Enforcements within other APJ markets are hugely varied: the Singapore government imposes fines of up to SGD1,000,000 for non-compliance with any of its data protection provisions, while Australia imposes fines of up to AUD1,700,000. Japan and India levy the lowest fines at JPY1,000,000 and INR500,000, respectively, for any breaches in data privacy. As more organisations across the region become digitally-driven, this will increasingly become a higher priority.

“Being data-driven is inevitable for organisations that are transforming digitally, businesses are realising the opportunity using data effectively offers to transform their products, services and strategies. But as they use data to take advantage of new opportunities, there is also greater risk - the attack surface is expanding and so too are the requirements for how you manage this data,” says Dmitri Chen, Vice President of Specialty Sales, Asia Pacific & Japan at Dell EMC. “This makes building scalable secure IT environments and optimising infrastructure an unavoidable requirement for organisations today.”

The IDC barometer highlights how regulatory changes present an opportunity for businesses to drive improved data management. Simon Piff, Vice President, IDC Asia Pacific’s IT Security Practice Business, comments: “Data privacy regulations are an impetus for the development of better data management strategies, for example, it is exacerbating the data protection gaps in existing backup infrastructure. Over time, more countries in the region will take proactive steps to strengthening critical information infrastructure, and the European Union General Data Protection Regulation will further galvanise this.”

As regulations evolve to reflect changes in the threat landscape, the IDC InfoBrief identifies three key areas of good data management to minimise risk: security, privacy, and business continuity. Security has to ensure that data is safely captured and stored, with data integrity. Privacy has to ensure that personal identifiable information carries the levels of security, accessibility and ability to be deleted, as defined by the various legislations. Business continuity and risk management planning should also facilitate access to data at all times. IT infrastructure considerations must prioritise these areas in order to ensure compliance.

Check out the infographic.