GDPR – An European law impacting the whole world
By Dzof Azmi February 13, 2019
- It represents a higher standard than Malaysia’s PDPA
- A seminar on the impact of GDPR on Malaysia will be held on March 18-19 in KL
"WOULD you like your data to be protected?"
This was the question asked of me by Pathmanathan Kaliappan (pic) as he tried to explain the rationale for a conference and workshop he is organising in Malaysia about a law from a completely different part of the world.
Titled "The Impact of EU GDPR in Malaysia and Non-EU Countries", it will be held in KL and Pathmanathan believes there is an audience for it here. "My main target is for people who have links in Europe but don't know what to do," he explained.
The GDPR’s impact in Asia
The General Data Protection Regulation (GDPR) is European legislation that mandates how organisations collect, store and process data belonging to EU citizens. It standardises all the laws across Europe, and - perhaps surprisingly - can impact companies that are based outside Europe.
The first example of where GDPR applies is if you're targeting goods and services to European citizens. This can be the case if, for example, if you're selling durians to Danes. A second example of where GDPR applies is if you're targeting, analysing and monitoring European citizens.
The European doesn't even have to be in Europe for it to apply. "If a European citizen walks into a hotel in Malaysian today, the hotel is collecting European data," said Pathmanathan. "All European data collected must be processed according to the GDPR."
It may surprise people that EU law can impact companies in this region. “First they’ll go with big companies from Asia if they operate in the EU,” explained Pathmanathan. “If Asian companies don’t operate in the EU but have customers who are from the EU, then, they’ll be notified by International law through their own court.”
GDPR – A standard to follow
Much in the GDPR is similar to what already is present in the Personal Data Protection Act Malaysia, but Pathmanathan says that the GDPR is of a higher standard. "When I say higher standard, there are many provisions in the GDPR which you won't find in the PDPA," he elaborated.
Pathmanathan believes that this is a message that will be reinforced by Communications and Multimedia Minister, Gobind Singh Deo, who will be giving the keynote address at the conference. Referring to another speech made by the minister last October, Pathmanathan noted, "he did say that in the future we may want to review our PDPA to bring it up to the standards of the GDPR.
"That is why people need to learn about it," concluded Pathmaathan.
Certainly, the larger players have began to sit up and pay attention to the impact that the GDPR brings. "Google was just fined roughly 57 million Euro by the French Data Protection Union," said Pathmanathan, "Facebook is facing 1.63 billion Euro - all breaches of GDPR".
This sort of scrutiny will compel companies who do business in Europe to ensure that all their suppliers and third-party contractors downstream fall in line. "There will come a time in the future where the European organizations - businesses especially - are going to ask, are you GDPR compliant? If you're not, we're not going to do business with you."
What exactly needs to be done will be covered in detail at the conference. "The whole of Day 2 of our conference is on how to be GDPR-compliant," said Pathmanathan, referring to the companies that will be attending. "What we're trying to do in this case is to get them basically ready."
"The Impact of EU GDPR in Malaysia and Non-EU Countries" will be held in KL between March 18-19. Those interested can visit http://www.gdprconference.iconictraining.com.my/ to learn more or contact +6013 425 5803 (K. Pathmanathan – [email protected]) or +6012 398 0802 (Jason Yeah).