By Sharon Lewis and Reethu Ravi This article is the first of a four-part Tech’s Year in Review series reviewing developments across industries in 2020. This first installation discusses some industries spotlighted by the COVID-19 pandemic, namely edtech, logistics and supply chains, fintech, [...]
Singapore based cybersecurity and data protection firm, Privacy Ninja aims to empower and make accessible to all businesses in Singapore a higher data security standard by elevating the level of DPOs (data protection officer) in the country. Their leading DPO-as-a-service has helped up to 150 SMEs, and they have successful helped DPOs in 30 companies across different industries through their PDPA (Personal Data Protection Act) training course.
Taking effect in 2013, the PDPA requires all businesses to appoint a DPO to be the custodian of data in the organisation, as well as to uphold the data protection obligations required. Unfortunately, many companies have failed to do so, in October 2019 the PDPC (Personal Data Protection Commission) has issued over SG $1.29 million in data breach fines. As of 5th October, the government has tightened regulations, and increased the penalty to 10 per cent of their annual Singapore turnover or up to a cap of SG $1 million, whichever figure is higher.
Founded in April 2018 by Andy Prakash and Dexter Ng, the duo have a decade of experience in the field of cybersecurity, and Privacy Ninja was conceived to help companies become digitally resilient and ready in response to the rise of cyber attacks in Singapore in recent years. In 2016, a data breach in Uber affected 380,000 in Singapore, and in 2018, a cyber attack on Singhealth compromised the personal data of 1.5 million Singaporeans.
With COVID-19 fast tracking the operations of businesses to go digital, data protection has to be a priority. Dexter Ng, CTO of Privacy Ninja says “A lot of businesses are rushing to go digital during this period and launching E-Commerce websites without any security measures in place such as performing penetration tests. There are a lot more data breaches happening this year compared to 2019. It is important for every company to have a DPO to implement security measures and policies to lower the risk of a data breach.”
As cyberattacks become more sophisticated, the roles and responsibilities of the DPO will expand, and more often than not, they become an organisation’s first line of defence. The lack of awareness and expertise is a critical vulnerability that has made Privacy Ninja’s DPO-as-a-service essential for their clients.
Andy Prakash, CEO of Privacy Ninja says, “SMEs were approaching us for help with their PDPA compliance due to our track record in the industry, and attractive rates that make our service accessible to businesses of all sizes. Coming from a cybersecurity background, we are able to value-add in much more ways, and have even taken on breached businesses as clients and successfully helped them through effective action plans that meet and exceed the PDPC requirements.”
Going beyond their DPO-as-a-service, Privacy Ninja have extended their efforts to educate and equip companies with the necessary skills to be PDPA compliant. Supported by Skillsfuture, the training is tailored to suit companies regardless of their size and industry. Head of Engineering form Tickled Media, Alvin DeCruz, who has went through the course mentions, “Privacy Ninja is knowledgeable and professional in what they do. We engaged them to conduct PDPA training for my staff and everyone greatly benefitted, safe to say we are much more aware and aligned to the PDPA’s obligations.”
Seeing the growing demand for the course, Privacy Ninja is improving the process through the development of VR training modules to make the learning experience more engaging and effective.
Despite regular and recent official reminders from the government, a large number of companies in Singapore have yet to appoint a DPO. As the recent cyber attacks have shown, the ramifications of a data breach are far reaching, and constant vigilance is important. Moving forward, Privacy Ninja believes that cybersecurity and data protection has to be at the foundation of all companies through their digital transformation journey.
Businesses and individuals who wish to contact Privacy Ninja can drop a message at [email protected] or drop a line at +65 9878 8993
About Privacy Ninja:
Privacy Ninja is a cyber security and data protection firm comprised of a team of cybersecurity and privacy focused professionals with over a decade of experience in the industry who aim to help businesses in Singapore and beyond achieve PDPA compliance.
Their expertise extends to PDPA Consultancy & Training, PDPA Audit, DPO-As-A-Service, Data Protection, and Software Penetration Testing.