Is The Cloud PDPA Ready?
I can safely say that due to the flexibility and cost saving elements which cloud technology provides with its multi-layered and multi-tenant environment, both businesses and consumers today are quicker than ever to adopt the cloud platform — and this movement is only set to increase.
And while the fundamental principle behind cloud technology means that it transcends borders due to its inherently distributed nature, it looks like this might pose another issue.
Read this: Cloud Security: So Are We Secured (or Not)?
The enforcement of the Malaysian Personal Data Protection Act (PDPA) 2010 has highlighted an interesting issue concerning data protection and the cloud.
The PDPA Act 2010
The Malaysian PDPA Act 2010 caters for the:
- protection of an individual’s personal data rights
- protection of the rights of ownership and control of the dissemination of the data in a measured and protected framework
A pertinent aspect of the PDPA Act — especially where the cloud is concerned — is the prohibition of transfer of personal data from within Malaysia to third party countries except those specified and gazetted by the Commissioner of the Personal Data Protection Department.
The Borderless Cloud Frontier
As a globalized concept, there are no borders within the cloud. Due to the architecturally diverse nature of the cloud, a common unifying thread is the globalised hosting of cloud platforms across multiple hardwares at distributed locations spread across the world — all unified by the internet as its backbone.
Where data protection is concerned, cloud computing raises a number of interesting challenges.
The PDPA Act requires that it is always made clear:
- where personal data is stored;
- by whom it is processed;
- who is responsible for the data processing.
But it’s not always easy to know in which country the customers’ data resides in at any given time.
When data is stored outside the country, one might be at risk of violating the PDPA Act.
Cloud solution providers like Lava Protocols have to take sufficient steps and ensure precautions are in place so that no unwanted access and disclosure of personal data takes place.
Where Salesforce.com cloud solutions are concerned, Lava’s clients can be rest assured that all 3 distributed main data centres in Unites States, Europe (EU) and Japan (APAC) are countries with comprehensive legislative frameworks that are PDPA compliant.
Google’s cloud solutions, with its data centres in Taiwan that serve the APAC region, are also similarly compliant with PDPA due to prevailing legislative frameworks.
A Safe Harbour
As the inevitability of the cloud’s influence steadily marches on, one thing that cloud customers can be assured of is that both their customers as well as their own privacy rights as provided for by the PDPA Act 2010 will continue to be upheld.
At Lava, we have put in place steps to create a culture, as well as respect data protection that incorporates the PDPA’s best practices when deploying cloud projects for our clients.
A key part of that culture is education and to that end Lava’s entire organisation, from Sales to Deployment to Success, has been empowered via PDPA compliance seminars — ensuring the organisation as a whole, is geared towards PDPA compliance.
After all, good data protection just means good business.
Bibliography
Personal Data Protection Act.” American Malaysian Chamber of Commerce.
Personal Data Protection Act 2010 (PDPA).
Jasraj Sandhu is a Senior Business Analyst at Lava Protocols.
Lava is an authorised Salesforce Partner in Malaysia and has more than a decade of experience in cloud solutions which includes marketing automation, CRM implementation, change management, and consultation. We pride ourselves in not just being a CRM partner but in also understanding the needs of our customers and taking their business to the next level.
Tags:
Blog