The Role of a DPO during Work from Home

Remote working has become part of our daily lives, especially now as a result of COVID-19. However, threats to data security remain, both online and offline.
 
Data protection officers (DPO) have always been a crucial role in an organisation, and their responsibility is greater than ever as businesses need to maintain continuity with the new ‘work from home’ arrangement.

What is a Data Protection Officer?

Under the Personal Data Protection Act (PDPA)¹, all organisations, regardless of size, are required to appoint at least one individual, known as a Data Protection Officer (DPO) to oversee the data protection responsibilities within the organisation and ensure compliance with PDPA. 
 
Responsibilities of a DPO include fostering a data protection culture among employees, communicating personal data protection policies to management, and alerting management to any potential risks that might arise from personal data. 

The consequences of not appointing a DPO

Many organisations still have not appointed a DPO, despite the fact that this is required under the PDPA and large fines apply for failing to appoint one. As an example, five companies were fined a total of $117,000 last year, including a $54,000 fine to a ferry company as it had failed to appoint a DPO and develop a robust data security plan, amongst other shortcomings.
 
Proposed changes to the PDPA are looking to increase the penalty of a data breach to up to 10% of a company’s annual revenue³. As such, it is better to be safe than sorry and take a proactive approach when it comes to data protection.

Bolster holistic data security as we work from home

DPOs need to continue to bolster holistic data security by training employees and providing them with the knowledge they need to navigate company servers safely. They should also continue to maintain robust data security awareness, and encourage staff to take these seriously.
 
72% of enterprises cited malware as their top concern based on the 2020 Remote Work Report from Bitglass⁴. Therefore, DPOs should work with their organisation to identify likely risk areas and prioritise the protection of their confidential information and applications that are critical to business operations. 
 
Working from home policies must be set clearly and include easy-to-follow steps to ensure a secure working environment. These should also consist of establishing company advisories to update employees on the latest establishments and guide them on what to do in the event of an attempted or actual data breach.

Protect your data before it’s too late

Data mongers are constantly looking for opportunities to steal valuable personal data. The lack of proper measures to secure, as well as dispose of data, when no longer, needed increases the risk of a breach where individuals and organisations no longer have control over it.
 
Companies should conduct an information security risk assessment to uncover potential gaps in data security.
 
Companies should also introduce a Shred-it All Policy to prevent confidential documents to lower the risks of unauthorised access, ensuring that data is permanently destroyed and irretrievable.
 
As economies gradually re-open, employees should bring any documents they brought home that are no longer needed back to the office for shredding by professional third parties, such as Shred-it.
 
Find out more about how Shred-it can assist you to properly dispose of physical media safely and securely by contacting us for a quote.
 

Disclaimer
 
This article is provided for your convenience and does not constitute legal advice. Readers should not take, or refrain from taking, actions based upon the content of this article. Prior results do not guarantee similar outcomes. Please seek professional legal advice.
 
 
¹PDPC: Data Protection Officers. (n.d.). Retrieved May 28, 2020, from https://www.pdpc.gov.sg/Overview-of-PDPA/Data-Protection/Business-Owner/Data-Protection-Officers
 
²Yip, W. (2020, May 14). Proposed changes to Singapore's data protection law seek stiffer penalties for info leaks. Retrieved June 1, 2020, from https://www.straitstimes.com/singapore/proposed-changes-to-singapores-data-protection-law-seek-stiffer-penalties
 
³Soni, J. (2020, May 28). Most companies 'unprepared' to support secure remote working. Retrieved May 31, 2020, from https://www.techradar.com/sg/news/most-companies-unprepared-to-support-secure-remote-working