Crypto Exchange

Do SMEs Need to Comply with PDPA, and Why Does DPaaS Help?

The Personal Data Protection Act 2012 (PDPA) governs the use, disclosure, and collection of personal data. The Personal Data Protection Act (PDPA) recognises:

The right of individuals (natural persons, deceased or living) to protect their personal data

The need of organisations to use, collect, and disclose personal data for reasonable purposes

Personal data refers to:

  • Data about a person who can be identified from the data itself
  • Data about the person who can be identified from information and other data to which the business has or has access to

Examples of personal data that can identify an individual on its own include:

    • DNA profile
    • Name and NRIC number
    • Biometric identifiers (fingerprints or face geometry)
  • Voice of an individual
  • Video image or photograph of an individual

The PDPA also protects (to a certain extent) the personal data of those who have been deceased for 10 years or less. For those data, only provisions that relate to the protection and disclosure of personal data will apply.

Types of Personal Data the PDPA Does Not Apply To

The PDPA will not apply to the following categories of personal data:

  • Personal data contained in a record that has existed for at least 100 years
  • Personal data about a deceased person who has been dead for more than 10 years
  • Business contact information not provided by individuals for personal purposes primarily

This includes the individual’s:

  • Name 
  • Business title
  • Telephone number of the business
  • Business address and email address

Nowadays, data protection services are available to ensure data that are in the care of organisations are protected accordingly. Data protection services also help organisations keep up with the ever evolving data protection landscape.

How Data Protection as a Service (DPaaS) Can Help Businesses

Since most organisations use data in various forms, protecting data has become a key priority among companies nowadays. Unfortunately, not all organisations can afford to invest in a resourceful and skilled IT team. This is where Data Protection as a Service can come in handy. If anything, DPaaS makes good sense technically and financially.

Typically, DPaaS is provided as a cloud-based service that’s designed to meet the protection and data security requirements of the organisations while ensuring there are options for flexible recovery and backup. A data-driven world generates a massive volume of data that needs to be used, processed, and analysed. 

However, since data is vulnerable, it requires elaborate protection. Transitioning to the cloud can mean more responsibilities in terms of backup, data security, and recovery between the organisation and the cloud provider. Important services that were previously handled by teams, infrastructure, and systems are shifted to the cloud provider.

However, cloud providers won’t be responsible when people in the organisation make mistakes or if the organisation is targeted specifically by malicious actors. This is where DPaaS can be beneficial. DPaaS offers ease of management, maintenance, and acquisition. It also enables services as demands evolve.

A strong DPaaS architecture can provide an integrated solution across processing, networking, storage, management, and geography. This starts with the establishment of a scalable and reliable storage layer that protects data from hardware errors and ensures data loss from ransomware attacks and deduplication errors are prevented.

Also, since many operations cannot afford long downtime, DPaaS makes the recovery and backup process quick, restartable, and modular. A resilient service can also auto-detect failed restarts and backups and not interrupt other processes. In the same manner, the system can help avoid downtime for bug fixes and software updates.