Complying with the new data protection law could prove very costly for many businesses, a Government minister has acknowledged, while urging firms to see how best they can “share the cost”.
Minister of Innovation, Science and Smart Technology Senator Kay McConney, has told business figures at a stock exchange conference that the Data Protection Act would require companies to have certain compliance measures in place.
But she said so far several companies have indicated that the cost of compliance could be hefty.
“A number of people who are familiar have spoken to us about the cost for compliance. It is justified and it is very real,” McConney told the Barbados Stock Exchange annual Corporate Governance and Accountability Conference at the Hilton.
She said: “What I am going to encourage the persons in this room and those at the corporate level, especially at the board level to do, is to let those conversations be about how you can share or spread those cost, understanding that companies will not be able to avoid any cost at all when it comes to data protection and security, certainly not in this digital age, and especially if it is a company that is interested in accessing markets internationally and grow.
“So let us talk about sharing and spreading and looking at other strategies to make sure that we will be able to manage that in a way that serves our respective companies.”
She said before the law is proclaimed, Government would have to make sure that the “administrative arrangements are in place to truly give effect to it once it come”.
The senator added that her ministry was “busy at work” and collaborating with other government ministries “to make sure that when we do proclaim and it comes into effect that we truly can manage that process in a way that does service to all of our client groups”.
“When we talk about the cost of data protection, accept that there will be cost of some kind – the research and development cost of putting compliance and operational systems in place, the recruitment costs of the new categories of jobs or the training and recruitment costs to build capacity and reskill your team,” she said.
Government already recognized that some companies would need support, she said, adding that several opportunities in the form of “innovative programmes” would be made available. She gave no further details.
She said the Data Protection Act was intended to, among other things, regulate the treatment of personal data and sensitive personal data, with respect to how it is collected, stored and process, use and how it is disseminated.
Senator McConney said: “So every company and government need to be thinking ‘what are my processes for addressing the right of the people under this Act and how we will ensure that there is transparency in communication about the modalities – how the persons can go about exercising their rights under this.
“There is need for conversations at the board rooms. There is need for conversation across industries and within your respective professional associations, to see how locally, regionally and internationally there can be coverage for financial loss and access to appropriate cyber expertise and indemnity for the deployment of expertise to contain, mitigate and resolve incidents.
“There is an opportunity there and it is one that can be mined, for managing the corporate risk associated with cyber.
“These considerations and more are all part of the changing risk landscape in a digital age that require a collective response.”
Under the new Act, companies face a half-million-dollar fine for non-compliance. (MM)