Skip to main content
CSC EU GDPR Seminar
Cyber Security Chapter’s “EU GDPR, Data Security & Impact to Businesses” Seminar
(Mr Goh Eng Choon, Vice-Chairman of Cyber Security Chapter, addressing attendees at the event)
On 14 August, SGTech’s Cyber Security Chapter organised the “EU GDPR, Data Security & Impact to Businesses” seminar which was attended by more than 80 industry representatives, and saw a lively exchange and discussion. Mr. Goh Eng Choon, Vice-Chairman of Cyber Security Chapter, welcomed the audience with an opening address. Ms Lyn Boxall, Director & Solicitor at Lyn Boxall LLC, shared on applications of GDPR on Singapore-based businesses and how it is different from the PDPA.
(Ms Lyn Boxall, Vice- Director & Solicitor at Lyn Boxall LLC, comparing the difference between PDPA & GDPR)
(Mr Elgin Koh, Manager (Tech) at PDPC, sharing on adopting best practices in the industry)
Additionally, attendees were advised on best practices on building websites and IT systems involving personal data by Mr. Elgin Koh, Manager (Tech) at PDPC. Next to present was Max Goh, managing director of LSA Consultants Pte Ltd, who explained what taking a risk-based information security entails, why security standards are important and how the ISO/IEC 27001 can be used as a framework to manage GDPR.
(Mr Max Goh, Managing Director of LSA Consultants Pte Ltd, sharing on the importance of Standards)
Attendees also had the opportunity to network among one another at this session.
(Post event networking with attendees and presenters)
SGTech also took the opportunity to speak with Mr Goh about the necessity and importance of ISO 27001 certification and why standards can help companies ready themselves for the future.
1. Why is ISO 27001 good for businesses and customers?
To use a simple analogy, how many of us leave our home without locking the door? How many of us remember to lock our cars after we parked it? Obviously, we do lock them – and we do it intuitively, because we protect what is important to us. Why then do we not want to protect information relating to our business?
It is in this context, that we believe that investing in ISO 27001 adoption is good for businesses and their customers. It is about future proofing your Business. It is about protecting information that is critical to you, your business and your customer. It is about protecting shareholder value and enhancing the value of your brand. It is about turning adversity into opportunity.
Where information security used to be a customer driven requirement and imperative, we should now leverage on ISO 27001 adoption as a competitive advantage and market differentiator.
Today, the window of opportunity to exploit this advantage is closing. As more companies get certified and information security standards become globally accepted, the paradigm will shift… companies that are not certified to the ISO 27001 standard will become competitively disadvantaged.
2. Is ISO 27001 a must? Is it more than a basic hygiene?
Events that were previously considered “black swans” – high impact, but low probability events – now seem to be an almost regular occurrence. This is not necessarily because information security breaches are happening more often, but because in a globally interconnected business environment, isolated breaches that occur in a different corner of the world that would normally remain isolated before, now have far-reaching consequences globally.
3. What is holding back ISO 27001 adoption?
Traditionally, investment in ISO 27001 has been held back because some businesses tend to view information security implementation as a cost and at best cost avoidance.
We should put on a different lens, and see investing in ISO 27001 adoption as means to achieving collateral benefits and revenue enhancement.
4. Many SMEs view standards as too complex and costly, what are the best ways to encourage SMEs to turn to standards?
Besides the existing government related grants which assist to defray part of ISO 27001 consultancy and certification costs, typically ISO standards certification are not complex. They are generic in nature and intended to be applicable to all organizations regardless of industry or size.
5. What are common ISO 27001 mistakes that companies make?
Common "mistakes" normally stem from poor implementation of control measures due to a lack of understanding of how control measures should be properly implemented. This can often be attributed to lack of monitoring and supervision as well as support from top management.
6. How can ISO be successfully implemented, and how can certification be continually sustained?
Management support is fundamental to the success of an effective ISO 27001 Information Security Management System program. If leadership by senior management is lacking, the appropriate focus, priority and resources may not be devoted to sustaining the program.
We cannot stress enough that ISO 27001 adoption is top driven. Thus, it is vitally important to engage senior management at the earliest stage. Senior management is also expected to maintain its support during and after the initial stages of ISO 27001 program implementation. Their involvement cannot be over emphasised and the effort required to achieve this should also not be underestimated.
Look out for the second part of SGTech’s interview with Mr Goh next month as he expounds on how organisations and SMEs in Singapore can cope with rising information security risks and if PDPA compliance is good enough for Singapore companies to meet GDPR requirements.
Published Aug 2018