Today, technology has revolutionised the amount, means and ease of collection of personal information. With emerging technologies and data analysis evolving at a fast pace, information about individuals can provide valuable insight about them. It can be of great value to interested parties as they can use this information for targeted or mass marketing or behavioral analysis. If in the wrong hands, it can be used for illegal activities like various types of identity theft and other unauthorised use. The Personal Data Protection Act 2012 (PDPA) was introduced in Singapore with an objective to address the need for a data regulation mechanism to ensure the flow of data is monitored and secured to safeguard the interests of the end user.
Since its inception, PDPA has focused on three major aspects of data – type of data, its collection and its usage. All organisations operating in Singapore, local or foreign, must ensure they specify the type of data they are collecting, when and how are they collecting it and what purpose they are going to use it for. Any organisation, large or small will be in breach of the law if they use the data for anything other than what they have specified and will be penalised heavily.
Due to the legal and economic ramifications of contravention, all organisations are investing in the infrastructure and manpower to ensure they do not, willingly or unwillingly, breach the stringent data laws. This enforcement and the resultant fine has led to an increased hiring of data officers in the Singapore job market. With General Data Protection Regulation (GDPR) introduced in Europe in May 2018, this need has further gained momentum as every organisation is now required to have a Data Officer in their firm if they have any dealings with people or companies in Europe. Although firms are having to continually adjust to the data regulation laws, hiring for legal, compliance and cyber security roles has seen revised mandates to include prior experience in personal data handling. Organisations are gearing themselves to have the right type of technology and the associated manpower to ensure they can execute all stages of the data protection cycle.
Reskilling of legal, compliance and cyber security professionals is also considered a swift way of adapting to the evolving data protection scenario. As firms will be required to monitor, evaluate and restructure compliance protocols, compliance professionals with data handling background will be in a better position to foresee and provide for futuristic data policies of the firm. Legal and compliance professionals with 5-7 years of experience are usually the ones who can make a shift into the data privacy role. Private practice lawyers who have prior experience with telecommunications, media and financial services sectors too are suitable for a shift in data privacy roles.
On the other hand, cyber security professionals with experience of handling personal data will also be adept in creating the necessary technology and company level protocols to accommodate the existing data privacy laws and provide for any new laws that are implemented in the near future. With the growth of Artificial Intelligence, data officers are seeing newer challenges in structuring data management policies for a previously non-existent technology space.
Aquis Search has a strong presence in Singapore in legal and compliance sector and we have been witnessing an increased demand for data privacy officers in the last 2-3 years. We have seen firms with B2C business model actively seeking data privacy officers. Back in 2013 when the data regulations were newly implemented, businesses used to transfer data officers internally from their Europe offices as an immediate measure to be compliant with the newly implemented data regulation laws. This trend is now witnessing a shift and firms have now started hiring for this position from the local talent pool.
Financial services and payments business, retail, ecommerce and media firms have been the leading generators of data privacy officer positions as they have large amount of customer data to handle on an ongoing basis. The hospitality and pharmaceutical sectors too are generating considerable opportunities for data privacy professionals.
Data protection will continue to stay centre stage as it is an ongoing process and complements legal, compliance and cybersecurity roles. It will not remain an isolated division and will be incorporated under all departments across the firm that handle personal data, for instance sales and marketing, finance and IT. This will lead to more roles with specialised data handling skills thereby creating many opportunities for people who want to find a niche for themselves.