Most Singapore Firms Unprepared for GDPR

Seventy percent of Singapore respondents to the third biennial EY Global Forensic Data Analytics Survey said that they are concerned about data protection and data privacy compliance. But only 10% have actual plans for compliance.

"While organizations in Singapore show growing concerns on data privacy compliance, many may not be aware of the immense extraterritorial reach of GDPR, its requirements and implications for a data breach," Reuben Khoo, EY Asean Fraud Investigation & Dispute Services Leader said.

The survey, which saw 745 executives from 19 countries participating, analyzed the legal, compliance and fraud risks and the use of forensic data analytics (FDA) to manage them. Forty executives came from Singapore.

With EU General Data Protection Regulation (GDPR) going live on May 5, 2018, only 33% of all respondents said that they have plans to comply. In the Asia Pacific, it was down to 12%--lower than Africa and the Middle East (27%), and the Americas (13%).

Meanwhile, the adoption of FDA as a tool for managing GDPR compliance is on the rise. Some are also going further with robotic process automation (RPA). 

According to the report, 13% of Singapore respondents (global 14%) noted that they are already using robotic process automation (RPA) to manage legal, compliance and fraud risks. A further 51% of Singapore respondents (global 38%) stated they are likely to adopt AI within the next 12 months, followed by RPA at 43% (global 39%).

Currently, only 11% of Singapore respondents (global 13%) indicated that they use FDA to achieve GDPR compliance. One third (33%) of Singapore respondents (global 52%) are currently analyzing exactly which FDA tools to use.

"FDA is not just about technology, but about the people who manage that technology and how they use it to manage risks. While it's encouraging to see that investment in advanced FDA is increasing, companies need to match greater adoption of FDA with greater investment in skilled resources that have a combination of technical skills, domain knowledge, and data analytics expertise in order to be successful in managing their risk profile," Khoo said.