Compliance By Design

Elly Tham, Head, Legal And Compliance, Lixil Asia

Elly Tham, Head, Legal And Compliance, Lixil Asia

Recently, I attended a practitioner course on data privacy in Singapore. The key takeaway for me was this – data protection by design.

One of the best ways to translate data protection policies into business processes is to adopt a data protection by design approach. Quite simply, this means to consider the protection of personal data from the earliest possible design stage of any project, and throughout the project’s lifecycle. In short, do not relegate data protection to an afterthought.

Designing for data protection right at the start allows a company to identify, assess and address data protection risks early and adequately. Processes can be designed or tweaked where necessary. This early resolution minimises costs and disruption to the company’s business processes, compared to having to make changes post implementation.

This is even more important in this age of rapidly advancing technology, where companies are jumping onto the IoT, AI and other new tech bandwagons to improve their products, services, and processes.

To cite an example, My Starbucks Barista (a Starbucks mobile app) allows customers to place and pay for their orders through voice command or messaging to a virtual barista using artificial intelligence algorithms. More recently, a bar in London has become the first in the world to install new AI-powered facial recognition tech to stop people from jumping the bar queue.

Data protection issues arise in every feature of these systems – from the capturing of the facial images and voice recordings, linking the orders preferences and payment information to the individuals, to the storage and destruction of the data that has been amassed. Can such personal data be collected, where and what is in the data repository, how else will the data be used, and what are the data security measures in place? These are just a few of the many questions that must be answered.

Imagine if the systems were rolled out without first addressing data protection concerns.

And why should it stop at data protection? For the same reasons, compliance as a whole (anti-corruption, anti-money laundering, trade compliance, to name a few) should be considered at the earliest design phase of any new project. Otherwise, the company risks additional costs and disruption when system features need to be changed.

But that should not the sole reason for a company to embrace compliance by design.

Just as advanced technology offers exciting new possibilities for the business, novel opportunities to manage compliance may also arise.

Consider how a new system can potentially incorporate compliance assurances and checks into business processes which may otherwise not have been possible, at little if not no extra cost.

One example I can think of are financial tools. In addition to implementing financial management systems for managing transactions and budgeting, can the same system also automatically track gratuities spending and recipients, in line with a company’s gratuities policy? This will certainly free up employees’ time from having to track the same manually or through keeping excel sheets, time which can then be invested elsewhere.

So, the next time you are designing a new initiative for your company, involve your compliance team in the discussion early. Compliance by design can benefit your company in more ways that you think.