You are currently viewing A real life GDPR case study in the Philippines

A real life GDPR case study in the Philippines

  • Post author:
  • Post category:GDPR / News

GDPR is already knocking on your door and from what we are seeing a lot of companies  are not ready to meet the new data protection requirements, especially the small and mid-seized ones.  The new regualtions are coming into force on May 25, which means you have less than 2 months to get things done!

At SkyFlok we can help you cope with the upcoming GDPR and avoid the big fees which can easily put your business into risk. SkyFlok is designed specially for small and mid-sized businesses to help them succeed while complying with the new data protection requirements. Our Geo Selection Protection feature allows you to choose the locations where your and your customer’s data is stored. 

If you still haven’t realized the importance of being ready to meet the new requirements, the following article is a good example of a real-life case study from the Philippines showing how important it is for your business to comply with the new regulations so you can avoid the big penatlties.

See also: 10 steps to prepare for GDPR

The Philippines is a perfect use case study for GDPR and provides companies invaluable lessons on how to cope and succeed with the impending GDPR

GDPR is almost here, and most companies are not ready and have no idea what it’s going to take to keep them out of trouble and not pay thousands in fines.

It could be because they haven’t seen the real-life consequence of what could happen if they break GDPR rules.

The good thing is there’s actually a real-life case study of GDPR happening at a local level in the Philippines, and it has actually sent people to jail. Based on the Data Privacy Act of 2012, any business that is located in the Philippines is subject to stringent data protection laws that could cost offending businesses thousands in fines and jail time up to 6 years.

Keen to find out more, Information Age interviewed Julie Shafiki, chief marketing officer at Safe-T, a leading provider of software-defined access solutions for the hybrid cloud that has customers in the Philippines who have been grappling with PDPA.

>See also: GDPR vs Australian data privacy regulations: 5 key differences

Safe-T is using it as a case study to help their other customers around the world get ready for GDPR and Shafiki talks with us about the parallels, differences and lessons to be learned from PDPA.

1) Based on your experience in the Philippines, what are the consequences of breaking data protection laws?

Unlike GDPR, the DPA doesn’t just instill fines (which can of course be significant); perpetrators can actually be imprisoned for up to six years. Therefore, it’s crucial for business leaders to understand the implications and prepare accordingly in order to stay compliant and minimize risk.

2) How similar is the law over there to the impending GDPR? Is it stricter etc?

Here are a few ways that data must be collected and protected under the DPA. You must:

• Have the consent of individuals in order to collect their data.attribution-logo

• Have a legitimate reason to collect and store data.

>See also: The true cost of the General Data Protection Regulation

• Not collect more data than the scope of your legitimate reason would allow.

Additionally, people whose data has been collected have the right to know what’s being stored, the right to access their stored data, the right to remove or edit the data, and the right to sue for damages in the event that their rights are infringed.

The DPA specifies that all data breaches affecting Philippine customer data must be reported within 72 hours. This is an internationally-enforceable provision and ff an entity is covered under both the GDPR and the DPA, all data breaches still have the 72-hour limit, even if the only data that’s been breached is EU-related.

3) Why is it important for more stringent data protection laws?

This is important for several reasons:

• To align all businesses so that data is protected equally across all applications and industries.

>See also: What is the impact of the changing data protection landscape?

• Regulation and compliance standards encourages companies to better invest in security – to protect themselves and their customers.

• It protects everyday people’s data from getting into the hands of unauthorized users

4) How can businesses benefit from regulation like GDPR?

Businesses will benefit from GDPR by having enormous incentives to invest in security layers to protect their sensitive data. Unless you take earnest, good-faith steps to protect yourself from cyber attacks, your company will be fair game for regulators. Companies must build proper strategies and adhere to healthy business processes in order to avoid hefty fines.

The GDPR can be frightening to small and mid sized business in particular, as many might not survive their first contact with its fee structure. Reinforcement with GDPR-compliant solutions will greatly increase a businesses’ peace of mind.

>See also: The multinational impact of GDPR

5) Should the c-suite be culpable for compliance failures, and what should punishment look like?

The trend now is to hire a data protection officer whose main responsibilities include overseeing data privacy, ensuring compliance and managing data protection risk for the organisation. This executive should have expertise in data protection law, best practices and a complete understanding of the company’s IT infrastructure, technology, and technical and organisational structure.

Executives hold more responsibility for serious failures, and compliance will follow this path. This role comes with significant responsibilities, as the future of the company could be in the balance if a breach occurs. It remains to be seen, however, if the DPO will personally bear the brunt of heavy fines.

Or go back to