EU data rule exposes firms to fines for leaks

Economy December 16, 2017 01:00

By NOPHAKHUN LIMSAMARNPHUN
THE NATION

THE EUROPEAN Union is set to enforce its so-called General Data Protection Regulation (GDPR) law in May next year, leaving Thai companies with European customers vulnerable to potentially costly liability for data leaks, according to Forcepoint, a cyber-security firm.



At this stage, Thailand has not yet enacted a data privacy law, said Alex Lim, Forcepoint’s regional sales director for Southeast Asia, adding that only three Asean countries, namely Singapore, Malaysia and the Philippines, currently have data privacy laws.

Both Thailand and Indonesia are still in the process of enacting legislation on this crucial matter.

Over the past two years, there has been a steady erosion of the line between the personal and public spheres, with Internet Service Providers (ISPs) able to sell customer data to third parties, prompting an expanding fight to protect privacy.

According to Lim, the EU’s upcoming enforcement of its GDPR law in May 2018 will serve as a wake-up call for countries that do not have data privacy laws in place since all global organisations that hold the personal data of EU residents will be subject to new requirements on control, processing and protection of the personal data.

Other countries are expected to follow in the EU’s footsteps on data protection and update their regulations to match the new standard.

Phone numbers, emails and other personal data are all covered by the EU’s GDPR law, so organisations that deal with its residents are required to follow the EU standard.

Lim said this means airlines, hotels and hospitals, among others, which serve EU residents in Thailand, or Thai-owned companies and factories operating in the EU’s member countries, are subject to the new regulations.

Since Thailand has not enacted a data privacy law, enterprises required to comply with the EU law, whose penalties could be costly to violators, face a challenge.

According to Lim, Thailand has a lot of airlines and a sizeable medical tourism sector, for example, that serve EU customers, so they could be liable to big fines if personal data are leaked.

He said the country should quickly enact the data privacy law so that businesses have sufficient time to get ready since a hurried implementation of EU-compliant computer and related IT systems could disrupt other parts of the enterprises.

Besides the EU’s GDPR law, Forcepoint also predicts that there will be more tensions next year between individual rights and security for all as legal, technological, societal and political drivers combine to usher in the so-called privacy wars.

This will lead to a polarizing public debate, not just within governments but also among people.

Another prediction for 2018 is that Internet of Things (IoT) devices will become a target for mass disruption due to the fast-growing and wide-ranging adoption of IoT devices worldwide in both consumer and business environments.

These connected devices are easy to access and unmonitored, which makes them a good target for cyber-criminals seeking to hold them to ransom or gain a persistent presence on the networks of these devices.

As a result, a Disruption of Things is expected, while ransomware targeting these devices is also possible.

In addition, crypto-currencies such as the popular Bitcoin will face a higher risk of attack as vulnerabilities in systems that implement the blockchain technology behind these digital currencies are exploited.