Higher data breach penalties and surges in cybercrime spell the perfect timing for such services in the city state.

Despite regular and official reminders from the government, a large number of companies in Singapore have yet to appoint a data protection officer (DPO) for ensuring compliance with their Personal Data Protection Act of 2012.

To date, the Personal Data Protection Council has issued over SG $1.29 million in data breach fines. As of 5th October, the government has tightened regulations, and increased the penalty to 10% of their annual Singapore turnover or up to a cap of S$1m, whichever figure is higher.

This has prompted a specialist firm in the island city to offer DPO-as-a-Service. Privacy Ninja aims to empower and make accessible to all businesses in Singapore a higher data security standard by elevating the level of DPOs (data protection officer) in the country. The claim to have helped up to 150 small and medium-sized enterprises through the service, and up to 30 DPOs through their training course.

Beyond data privacy protection

With the current pandemic compelling businesses in the country to digitalize, data protection has become a major priority. As cyberattacks become more sophisticated, the roles and responsibilities of DPOs will expand and include acting as an organization’s first line of defence.

Andy Prakash, CEO of Privacy Ninja said: “SMEs were approaching us for help with their PDPA compliance due to our track record in the industry. Coming from a cybersecurity background, we are able to value-add in many more ways, and have even taken on breached businesses as clients and successfully helped them through effective action plans that meet and exceed the legal requirements.”

His CTO Dexter Ng added: “A lot of businesses are rushing to go digital and launch e-commerce websites without any security measures such as performing penetration tests. There are a lot more data breaches happening this year compared to 2019. It is important for every company to have a DPO to implement security measures and policies to lower the risk of a data breach.”

Going beyond their DPO-as-a-Service, the firm has extended its efforts to educate and equip companies with the necessary skills to be PDPA-compliant. Supported by the national SkillsFuture training grant, the training is tailored to suit companies regardless of their size and industry.

Seeing the growing demand for the course, the firm is developing Virtual Reality training modules to make the learning experience more engaging and effective.