The Data Protection Excellence Network (DPEX) is the first of its kind facility in the region whose aim is to provide leadership, best practices, training, research and support for all things surrounding data privacy from an operational perspective.

Operational Compliance vs Legal Compliance

Compliance with data protection laws has traditionally been approached from a legal perspective. While fulfilling the “what” or the requirements of the law is no doubt important to ensure that organisations don’t run afoul of the law, what management teams new to data privacy laws are looking for is the “how to comply” with the law from an operational perspective – or a practical operational compliance framework they can follow that takes into account their business processes.

Herein lies the difference between legal and operational compliance.

Hot Jurisdictions for Data Protection Laws

ASEAN and the India region are expected to be the hottest jurisdictions when it comes to data protection laws – where the laws are upcoming, newly introduced or being enforced. For the first time, organisations and their staff must get used to the business culture that there are now rules to follow when they collect, use, disclose and store personal data as part of their every day activities; and they are expected to demonstrate accountability to regulators in the event of a data or privacy breach.

Accountability and the Data Protection Officer

The importance of operational compliance is also seen in the mandatory appointment of a data protection officer in Singapore and the Philippines. In addition, the upcoming General Data Protection Regulation (GDPR) in the European Union – which will impact all countries that process personal data of EU citizens – also requires a data protection officer in specific cases. As a result, industry experts predict the shortage of data protection officers as organisations start to comply.

The above is what prompted the creation of the Data Protection Excellence Network. For more information on how you can get involved to promote data privacy from an operational perspective, write to