Singapore’s events industry needs greater awareness of PDPA: experts

The MICE Dialogue on Data Protection, organised by the Singapore Association of Convention & Exhibition Organisers & Suppliers (SACEOS) last Thursday, has raised awareness that event companies must put in place policy guidelines and practices to safeguard the collection, retention, use and disposal of personal data.

The MICE Dialogue on Data Protection was moderated by MCI Group Asia Pacific’s Zarina Othman (far left) and featured speakers Vicki Heng Law Corporation & Barrister of Middle Temple’s Kelvin David Tan and Info- Communications Media Development Authority’s Valeriane Toon (far right)

Apart from stricter Singapore rules on Personal Data Protection Act (PDPA) kicking in by September next year, the issue of the EU’s General Data Protection Regulation, which came into effect in May, will also impact the industry, according to speakers.

Kelvin David Tan, director, advocate and solicitor with Vicki Heng Law Corporation and Barrister of Middle Temple, said companies have to appoint a data protection officer (DPO), conduct data audits and have solutions in place to quickly rectify a data breach.

Tan advised: “Red flags will be raised if these are not in place. For companies to be compliant, as far as they are aware, they must have data consent properly spelled out, avoid excessive data collection and be careful when using third-party vendors like those providing IT services.”

Ralph Hendrich, SACEOS honorary treasurer and general manager of Koelnmesse, said the industry must take “the asking of consent every time” seriously to build trust, that the data collected is protected and the data must be deleted after the event.

On the criteria of the DPO, Tan said it did not have to be a full-time appointment, but the officer must be knowledgeable about data and data flow. “Depending on the industry, it could be the marketing head in the F&B industry or the legal officer in an IT company,” he noted.

The difference between PDPA and GDPR was addressed and attendees learnt Singapore is focusing on data protection and the EU on privacy.

Hendrich noted: “GDPR is about residency and can apply to a Singaporean living in Germany, making data portability – like who is getting it and who can use it – for EU residents complex.”

Sponsored Post