THE financial services industry in South-East Asia has witnessed massive developments, with increased investments into platforms and aggregator sites to provide consumers with a wider range of choices.

Consumers across the region have embraced and switched to these localised alternatives and what was once a cautious adoption of financial technologies has turned into a meteoric rise.

According to a Deloitte survey, 78% of consumers from the South and South-East Asian regions have increased their use of digital services during the pandemic.

In that regard, regulators have become more aware that these digital services have many benefits to offer.

However, their increased adoption also leads to an increased exposure of data, especially personal identifiable information.

As regulators become increasingly aware of the exposure to identifiable information of customers and in the wake of the General Data Protection Regulation (GDPR), there have been several laws enacted throughout the region.

Between 2010 and 2020, 13 jurisdictions in Asia enacted new data privacy laws.

Ganesan believes companies have switched to localised alternatives.

To cite a few, there was Malaysia’s Personal Data Protection Act 2010 (PDPA), followed by Singapore’s Personal Data Protection Act 2012, the Philippines’ Data Privacy Act 2012 (DPA), Thailand’s 2019 Personal Data Protection Act, B.E. 2562, and China’s 2021 Personal Information Protection Law (PIPL).

Due to the sheer number of regulations that organisations need to comply with and the magnitude of best practices available, it can be overwhelming to understand what will work best for a business.

The key is to understand the organisation’s specific requirements first, then adopt the best suited, universally adopted frameworks to standardise the compliance processes.

To overcome this challenge, organisations need a solid plan to secure critical data sources, educate users, as well as implement mitigation policies to ensure their customer data is secure.

Leaders must be agile as regulations are bound to evolve.

Implementing a governance, risk and compliance (GRC) plan can help organisations develop a central framework to tackle this important management concern. The first step is to determine what the organisation wants the GRC framework to achieve.

Understanding business processes – identifying and ranking goals based on what is most important to the organisation – becomes a priority.

Besides that, implementing the GRC framework is usually safer when the rollout is in phases.

Achieving the fundamental results in the beginning and then building upon the initial framework will ensure that it includes various aspects and these are each given their due attention. In that regard, it is essential to define the key success metrics for each of the goals that were identified at the beginning of the GRC framework process.

Pinpointing clear success metrics for each objective will provide a true reflection of the strength of the framework.

To aid in this, technology can significantly streamline the implementation of an organisation’s GRC plan. Identify the tools that will help meet objectives faster and make sure to take ease of deployment, cloud presence, and application security into consideration while making the selection.

The GRC framework is always a work in progress. As the world becomes increasingly security and privacy conscious, organisations are under more scrutiny than ever before.

A carefully planned, comprehensive compliance framework can go a long way in ensuring not only legal compliance, but also instilling faith and trust in products and services.

As long as data protection and privacy are embedded in an organisation’s culture, any gaps or risks that might emerge can be identified and resolved with relative ease.

Rajesh Ganesan is vice-president of Products at ManageEngine, the IT management division of Zoho Corp. He is a part of the leadership team overseeing product strategy and direction for the overall suite.