June 05, 2019

Data Protection Guide for Start-Ups

Singapore’s business sector is constantly flourishing and thanks to government support, the start-up eco-system here is looking pretty vibrant as well. It was also reported that Singapore has the highest proportion of millennial entrepreneurs in the world[1]. In light of this, there is an increasing need to inform and educate start-ups in Singapore about the data protection rules and regulations implemented by the Personal Data Protection Commission (PDPC).

The Personal Data Protection Act (PDPA) was first introduced in 2013 to enforce privacy laws and act as a deterrence to unlawful use of personal data. Under the PDPA, failure to comply with the requirements by any organisation or individual could result in hefty fines or other financial penalties that fit according to the circumstances. Hence, it is crucial that start-ups are aware of the various steps and processes that are required to comply with the PDPA.

The first step start-ups should take is to appoint a Data Protection Officer (DPO) in their organisation and familarise themselves with the various roles and responsibilities of a DPO. These roles include implementing proper policies and processes for handling personal data, promoting a data protection culture among employees and managing personal data protection related queries or complaints.

In addition, start-ups can significantly reduce the risk of non-compliance with the PDPA by partnering with third-party data protection providers that offer secure data destruction services, such as Shred-it. Furthermore, Shred-it incorporates recycling into their secure chain of shredding process which not only makes it more secure but also friendlier to the environment, saving forests, reducing greenhouse gas emissions and landfill waste.

Start-ups are also required to adhere to the new guidelines on the collection of the National Registration Identification Cards (NRIC) in their business processes. Taking effect from 1 September 2019, the new guidelines aim to reduce risks of unintended disclosure of sensitive information which could lead to identity theft and fraud. Shred-it’s guidebook also outlines all the necessary information to provide start-ups with a better understanding of the new guidelines.

With a proper data protection landscape, start-ups can reduce the risk of non-compliance and prevent unnecessary monetary fines which can cause reputational and monetary damage.
Start Protecting Your Business
An organisation that integrates data protection into its business processes can help reduce the risk of a data breach and non-compliance to the PDPA. Learn more about how Shred-it can protect your documents and hard-drives by contacting us for a free quote and a security risk assessment.

[1] Business Insider Singapore. 2018. Singapore has the world’s highest proportion of self-made, millennial millionaires. [ONLINE] Available at: https://www.businessinsider.sg/singapore-has-the-worlds-highest-proportion-of-self-made-millennials-millionaires/. [Accessed 17 May 2019]