• About
  • Subscribe
  • Contact
Wednesday, April 30, 2025
    Login
FutureCFO
  • Business Insights
    • Competencies and Capabilities
    • Digital Transformation
    • Leadership and Roles
    • Mergers and Acquisitions
    • Risk and Regulation
    • Strategies and Tactics
  • Operations
    • Audit and Compliance
    • Finance Accounting and Reporting
    • Operational Accounting and Control
    • Tax Management and Optimization
    • Treasury and Cash Management
  • Technology
    • Artificial Intelligence
    • Automation
    • Big Data
    • Blockchain
    • Business Applications
    • Cloud, Platforms and Ecosystems
    • Future Technology
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
  • Awards
  • Knowledge Hub
    • Sustainable Finance
No Result
View All Result
  • Business Insights
    • Competencies and Capabilities
    • Digital Transformation
    • Leadership and Roles
    • Mergers and Acquisitions
    • Risk and Regulation
    • Strategies and Tactics
  • Operations
    • Audit and Compliance
    • Finance Accounting and Reporting
    • Operational Accounting and Control
    • Tax Management and Optimization
    • Treasury and Cash Management
  • Technology
    • Artificial Intelligence
    • Automation
    • Big Data
    • Blockchain
    • Business Applications
    • Cloud, Platforms and Ecosystems
    • Future Technology
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
  • Awards
  • Knowledge Hub
    • Sustainable Finance
No Result
View All Result
FutureCFO
No Result
View All Result
Home Business Insights Risk and Regulation

POV: Why CFOs can’t ignore privacy and compliance in 2023

Allan Tan by Allan Tan
September 16, 2022
POV: Why CFOs can’t ignore privacy and compliance in 2023

POV: Why CFOs can’t ignore privacy and compliance in 2023

In June 2022, after two years of delay, the Thailand Personal Data Protection Act B.E.2562 came into effect. The act aims to create greater transparency and accountability whilst handling personal data, bringing changes to the privacy landscape for businesses.

Thailand is following other markets in Asia that have seen governments finally come to terms with the importance and necessity of formalising data privacy protection and regulation. And it comes at a time when companies have realized the importance of making decisions based on data, as opposed to tradition, gut feel, culture, or a combination of these.

As companies continue to push the envelope of their data-driven ambitions, it is natural to conclude that the management and privacy of data is a concern not just for the privacy officer or the legal department, but the rest of the leadership including the CFO.

Anna Russell

Anna Russell, worldwide VP of sales and strategy for Voltage at Micro Focus, opined that many principles in existing privacy regulations and laws advance during the pandemic. She added that many data regulations have rules that accommodate emergency measures such as the pandemic.

“For example, the GDPR – one of the world’s strictest privacy regulations – is backed by principles such as data minimisation and purpose limitation. This means that as little personal data as necessary should be collected and used for a specific emergent purpose.”

Anna Russell

She also pointed out that transparency and protection principles also advanced. “Affected individuals must be informed clearly about the usage of their data, and the data must be sufficiently protected against cyber risk and unauthorised sharing across the organisation,” she continued.

She believed that in comparison to the pre-pandemic landscape, the amplified reliance on these principles will likely pave the way for security advancements that ultimately improve privacy.

What are the role of Chief Financial Officers (CFO) and senior finance leaders when it comes to data privacy and compliance?

Anna Russell: The CFO’s role has evolved significantly over the past decade to accommodate more than just financial stewardship. CFOs today need to have a strong understanding of technology-driven issues such as information security, data management, and data privacy and compliance.

With data breaches on the rise, data protection and privacy are at the top of the agenda for many organisations. At the end of the day, the damage that unprotected or unsecured data can cause – from strategic losses, and regulatory penalties, to reputational damage – will make a dent in a company’s finances.

Not to mention, budget provisions for ensuring data privacy and protection will fall on the CFO’s table. From anticipating the cost of a data breach to supporting the design and implementation of a privacy framework across the organisation, CFOs today have a greater responsibility that encompasses data privacy and compliance.

What makes sense to delegate and are any proven approaches to stay aware, and involved in data privacy and compliance measures?

Anna Russell: Depending on the size and needs of the organisation, there are multiple ways to stay on top of data privacy and compliance measures. One way, for example, is to appoint a dedicated policy owner within the company itself. This team member’s job will be to monitor upcoming changes and identify solutions for the organisation to remain compliant.

Another option is to outsource this to an external partner with the right expertise. Privacy laws vary across geographies, and changes may often come with nuances that are challenging to navigate. An external partner that focuses on compliance can lower the impact on your internal teams, as they will not need to scramble when new changes to privacy laws are made.

Today, many technology-driven organisations offer tools and services that reduce compliance burden and quickly solve difficult data privacy challenges. For example, there are security data platforms that can protect the information in compliance with global data privacy regulations throughout the entire lifecycle of data – from the point the data is captured and throughout its movement across the enterprise.

As organisations move to become more data-driven, how will data-driven strategy impact an organisation’s commitment to data privacy and compliance?

Anna Russell: Organisations are finding the explosion of data an insurmountable task to manage, especially with the pressure of security frameworks and data privacy regulations. For customers and enterprises to get the most value out of their data, organisations must design an end-to-end framework to deliver insight and control, data protection, and usability, across the entire data life cycle. When it comes to data privacy and compliance, this framework must encompass:

Data privacy readiness – Enterprises need to first discover, classify, and analyse data based on a contextual understanding of the data elements, which will enable further actions such as protection, retention, and disposal

Test data management – Organisations can no longer use real production data for testing, development, quality assurance, or education, due to data privacy laws. Hence, it is vital to have effective tools that generate anonymised and protected data that will deliver the required outcomes

PII/Personal Data Encryption – Organisations must identify and assess personally identifiable data to understand risk exposure and apply technology to quickly and cost-effectively encrypt this data for secure use

What steps should a CFO take to ensure the enterprise adheres to its data privacy commitments even as the business itself moves to become more data-driven?

Anna Russell: The first and most crucial step is to create a strong data privacy and protection strategy, as part of the company’s wider data-driven strategy. This ensures that data privacy is embedded throughout the lifecycle of the data, beginning at the moment it enters the enterprise environment.

CFOs should also keep in mind that customers and consumers require companies to operate under privacy laws and frameworks. While ensuring internal stakeholders are fully aware of the financial implications of non-compliance or breaches, they must put the interests of the customers first.

This means writing privacy policies in simple language that all stakeholders across the organisation, beyond lawyers, can understand and ensuring that policies place the customers’ interest at heart.

Lastly, as organisations increasingly digitalise, CFOs must also understand and finance innovations within the data privacy space. To fully ensure regulatory compliance and protect data, CFOs must embrace and support the implementation of the latest innovations in Privacy-Enhancing Technology (PET). Especially as companies seek to store sensitive data to leverage it for future commercial gain.

PET enables businesses to leverage insights from third-party private data without violating any laws by ensuring confidential information that cannot be shared is not revealed.

Any thoughts on what to expect in 2023?

Gartner predicts that by 2024, 75% of the world’s Sensitive Personal Identifiable Information (SPII) will be covered by one of the many (and ever-growing) Modern Global Privacy Regulations. In 2023, in preparation for this prediction, enterprises processing or wanting to do more with SPII covered under regulations will need to be investing in PET.

We will see higher numbers of Data Privacy Officers being appointed, and the responsibility being shifted to incorporate legal, compliance and security so they can work much closer together.

With this being brought into force now with a lot of enterprises, we expect to see PET projects being associated with Privacy-by-Design and not as an afterthought to tick the box for compliance or regulatory obligation.

This will be extremely important for companies who face global multi-privacy regulations to ensure approaches and standardisation of techniques are globally transferrable.

Related:  Capital allocation: How CFOs can increase economic value added
Tags: compliancedata privacyGartnerMicro Focusprivacy-by-design
Allan Tan

Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events. Previous Roles He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippine. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.

No Result
View All Result

Recent Posts

  • Modernising Days Sales Outstanding (DSO) for 2025
  • A Day in the Life: Shelly Maneth from Red Hat Asia Pacific
  • Singapore Inc: Expanding horizons in ASEAN and beyond
  • Technology essentials for the modern CFO
  • Transforming budgeting through automation

Categories

  • Artificial Intelligence
  • Audit and Compliance
  • Automation
  • Big Data
  • Blockchain
  • Business Applications
  • Business Insights
  • Case Studies
  • Cloud, Platforms and Ecosystems
  • Competencies and Capabilities
  • Digital Transformation
  • eBooks and eBriefs
  • ESG and sustainability
  • Finance Accounting and Reporting
  • Future Technology
  • General
  • Infographics
  • Leadership and Roles
  • Mergers and Acquisitions
  • Operational Accounting and Control
  • Operations
  • Polls and Surveys
  • Resources
  • Risk and Regulation
  • Strategies and Tactics
  • Tax Management and Optimization
  • Technology
  • Treasury and Cash Management
  • Videos/Tutorials
  • Webcasts/Podcasts
  • White Papers

Strategic Insights for Finance Executives

FutureCFO.net is about empowering the CFO and the Finance Team to take on the leadership position in the digitalization of the enterprise. It's more than just a portal for the exchange of industry best practices, it is about creating and growing a community of finance professionals able to share learned experiences, providing a platform for the current and next generation of finance leaders and professionals.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO
  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Business Insights
    • Competencies and Capabilities
    • Digital Transformation
    • Leadership and Roles
    • Mergers and Acquisitions
    • Risk and Regulation
    • Strategies and Tactics
  • Operations
    • Audit and Compliance
    • Finance Accounting and Reporting
    • Operational Accounting and Control
    • Tax Management and Optimization
    • Treasury and Cash Management
  • Technology
    • Artificial Intelligence
    • Automation
    • Big Data
    • Blockchain
    • Business Applications
    • Cloud, Platforms and Ecosystems
    • Future Technology
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
  • Awards
  • Knowledge Hub
    • Sustainable Finance
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe