×

The Need To Engage With Data Protection For Your Business In Asia

Adam Livermore – Partner, Dezan Shira & Associates 

Last week the World Economic Forum (more commonly known as “Davos”) was held entirely online for the first time. I imagine the powerbrokers that like to hobnob with each other in the attractive Swiss mountain village will hope that this online format doesn’t represent the future of the event. Unfortunately, it seems to me that the world has indeed changed to such an extent that physical, face-to face business communication will continue to be the exception rather than the rule, even after this pandemic is behind us.

The reason? People of all ages and backgrounds have been obligated to get used to digital communication. It’s a reluctant revolution because the medium feels unnatural to many and even a little invasive when meetings are being held with a background accompaniment of screaming kids and other interruptions. However, it’s here to stay because everyone now knows how to share a screen, how to give control to their colleague, how to create a new channel. While the world struggles to achieve herd immunity in the physical realm, the business world at least has achieved herd adoption already in the digital realm. CIOs are cheering, as they are empowered to a much larger degree than they were previously.

One challenge highlighted at the World Economic Forum is closely related to this digitization of communication. One of the largest ten threats to the world in the coming years was identified to be that of cyberattacks and data fraud due to a sustained shift in working patterns. More data being shared remotely over more channels with more people will inevitably lead to more data leakage. The phenomenon is a cyber-criminal’s dream. But it gives headaches if not nightmares to compliance departments. The last several years have seen the advent of GDPR in Europe, while CCPA has been imposing similar obligations on companies operating in California since 2020. This year, China will commence implementation of its Personal Information Protection Law to build upon existing legislation such as the Cybersecurity Law. Countries around the world are all at various stages of developing their own frameworks to protect their citizens’ data.

This dichotomy of sharing as much information as possible (which is being predominantly driven by CIOs), and the necessity to protect data more carefully (which is being driven by compliance departments) is playing out in interesting ways in Asia.

For many multinationals with operations in the Asian region, data has tended to be siloed at on-premise servers maintained by local IT teams in traditional ways. That has made it hard to share the data effectively with colleagues abroad, but counter-intuitively, it has also made it hard to protect the data. Are their on-premise server rooms as secure as those in dedicated data centers? Do their IT teams work 24 / 7 to protect the servers from attack? What kind of data redundancy and disaster recovery strategies are in place? Multinationals, and it seems to us at Dezan Shira & Associates particularly the European clients that we have, are aggressively moving to “cloud” solutions to avoid the limitations and liabilities involved in maintaining their own on-premise hardware.

Why the European multinationals? Presumably because their compliance departments will naturally tend to focus first on locations where they have large operations, and locations which have stringent data security legislation in place. That meant getting data privacy in their own back garden well-organized first, to meet GDPR requirements. Having done that, they look farther afield. For most European companies, the second most critical region for both their operations and their sales is Asia, not the US. Many European manufacturers will have production facilities across Asia. Many of their clients will be from the region as well.

Therefore, what we are seeing is that it is the European companies are tending to be more conscious of pulling up the level of data security compliance to meet not only GDPR, but the other regulatory regimes that are imposing similar requirements on companies worldwide. They are getting ahead of the game.

As they make this shift, the data sharing element becomes a fait accompli. Of our clients that are aggressively implementing digital transformation projects now, an overwhelming number are moving to the Microsoft M365 platform. Most of you will be familiar with this platform because of its most ubiquitous component at the current time – Teams – but M365 is a highly organized environment in which data is both shared and protected. Microsoft powers the platform with its own well-protected servers and 24 / 7 support teams. And the platform itself offers different levels of subscription – the more your organization is willing to pay, the higher the sophistication of the data protection provided.

However, when approaching their Asia strategy, companies find it impossible to ignore China. Most multinationals will tend to have more employees based in China than in the rest of Asia combined. As everybody knows, China brings complications to IT. Google-based platforms aren’t widely utilized in China for obvious reasons. The global version of M365 is not sold in China either. What is sold is a “diluted” product provided by the Microsoft 21Vianet JV that doesn’t even include the Teams functionality. The Global version of M365 will work in China, but the servers that power it are based outside of China. Because of Cybersecurity Law and impending Personal Information Protection Law requirements, certain data may not reside on those overseas servers. In short, there is no simple “plug and play” option for China, and therefore for Asia, because colleagues across the entire region will be expected to collaborate.

Solutions exist, but they require a precise knowledge of the regulatory environment in this part of the world, an understanding of the platforms and features that are available, and an on-the-ground implementation team that can affect a true “digital transformation”. My feeling is that this will be a theme for 2021 for many multinationals. 2020 was all about reacting to external shocks in home markets and protecting data in locations closest to HQ.

This year will be about putting together a more comprehensive data sharing and data protection strategy that can cover an entire global organization. Within that strategy, Asia is likely to be the most awkward component to integrate. At the same time, for many multinationals, Asia is where the largest amount of growth is likely to be generated, as countries on this side of the world emerge from the pandemic sooner than their peers in the west. Whether you are a CIO or a compliance manager, there’s no more time to lose.

Best regards;

Adam Livermore
Partner, Dezan Shira & Associates
E: adam.livermore@dezshira.com
W: www.dezshira.com

Disclaimer

Any views or opinions represented in this blog are personal commentary, belong solely to the contributor and do not necessarily represent the views of Asia Briefing Limited or Dezan Shira & Associates.

Back to News

Back to top