Kevin Shepherdson, Ceo, Straits Interactive
In our information era, all businesses are vying to harness data, the world’s most valuable asset. At the same time, under data protection and privacy laws, organizations are required to govern how they collect, use, disclose and store (or dispose) personal information.That value, combined with those laws means that it’s therefore vital to secure information that businesses processing physical premises as well as in virtual systems or channels because the threat to data is very real. Without adequate preparation and safety measures in place, organizations become susceptible to hacks and breaches due to malicious acts or negligence which can cost them dearly.
As technologies advance and the value of data skyrockets, businesses need to realize how critical data security and privacy are. Then again, complying with data protection and privacy laws prescribed by governments can be a huge organizational challenge. And although these laws are molding the international business landscape, simply adhering to them is not enough. There is a need to demonstrate accountability to regulators and stakeholders.
Straits Interactive is ASEAN’s leading provider of governance, risk, and compliance (GRC) solutions designed to maximize data protection and privacy. Through its comprehensive solutions, it helps clients create a trusted business environment. Legal compliance is not enough. Most compliance failures are operational. Therefore, it promotes a holistic combination of legal and operational compliance – that is, standard operating procedures developed by and for the business that every employee must follow so that they do their jobs in compliance with the laws and a legal and documentary framework to comply with the data protection and privacy laws.
Straits Interactive began as a bootstrapped startup, set up by Kevin Shepherdson and Alvin Toh in 2013, with only three employees, to help organizations comply with the rapidly emerging data protection and privacy laws in ASEAN. In helping clients stay compliant, it cultivated its expertise and started supporting organizations at the industry level and now supports national regulators in the region. And it’s growing successfully: Headquartered in Singapore, it has built branches in India, Malaysia, and the Philippines and has 35 core employees and key consultants. While many free-spending start-ups fail, its cash flow is positive with sales forecasted to be above US$5 million this financial year. Kevin, the CEO, says, “What makes Straits Interactive outstanding is our end-to-end offering in the totally new area in ASEAN of data protection and privacy, combining both traditional approaches and new technology, yet being able to create sustainable revenues.”
In six short years, the company has strengthened thanks to:
- Publishing the book “99 Data Breaches to Beware of” that’s positively endorsed by regulators from the EU, Hong Kong, Ghana and more.
- Having ASEAN’s largest team of certified data protection/privacy and GRC consultants.
- Serving many industry leaders in retail, telecommunications, infocomm technology, property, healthcare as well as government agencies and social service organizations.
- Providing support to regulators in Singapore, Malaysia, the Philippines, and Indonesia in the promotion of data protection education and curriculum development.
- Creating its own privacy management software, DPOinBOX, which blends with its training and advisory services.
- And, providing the largest offerings of data protection courses in the region with professional certifications and advanced diplomas through its Data Protection Excellence (DPEX) Centre.
Straits Interactive’s corporate culture is actually embedded in the word “Straits” an acronym. As Kevin explains, “The most important virtues to our success are embedded in our core values – Systematic, Teamwork, Respect, Adaptability, Integrity and Sustainability. We uphold them in the way we design our products, deliver our services, and in relationships with our employees, partners, and clients.” All employees are given ample opportunities and are always encouraged to sharpen skills. Although most are ‘career switchers’ or working parents all have been re-skilled and are highly experienced. And through special onboarding courses and in-depth training, they pick up the essential principles, layering upon their domain knowledge.
The company encourages a love for learning and its training helps both corporations and individuals cultivate accountability, become efficient data protection officers, master the latest tools and boost productivity. The company has helped in designing the national Data Protection Officer curriculum and its courses are listed on the Singaporean regulator’s website. Kevin states, “The success of our company and our market reputation are testimonies of the effectiveness of our corporate virtues and hard work.” Beyond merely delivering a service, the company delivers an implementable compliance program engineered towards long-term sustainability.
Kevin says, “We believe in the ‘principled performance’ approach i.e. reliably achieving our objectives with our clients, while helping them to address risks and uncertainty, and always acting with integrity in the way we do business.”For example, in the event of a data breach, Straits Interactive helps its clients by critically analyzing the problem and providing expert assistance in breach response. In contrast, other organizations would negotiate their fees before providing any help. All operational challenges and issues are addressed by its consultancy and advisory services, hands-on professional data protection or eLearning courses and data protection/privacy management software. Kevin shares that its software platform enables a blended approach to provide its compliance services and uses virtual reality to make learning fun.
In 2018, Straits Interactive launched the Data Protection Excellence (DPEX) Network whose aim is to assist in turning Singapore into a regional hub promoting data protection awareness and best practices. The company has also partnered with the National Privacy Commission of the Philippines and local universities such as the Singapore Management University, the Philippines De La Salle University and the International Islamic University of Malaysia. In response to the International Association of Privacy Professionals estimating a need for 75,000 DPOs worldwide beyond 2019, the company will strengthen its DPEX Network to help meet the shortage of data protection expertise. Kevin concludes, “We hope in the near future, to run DPEX Network forums in each country in the ASEAN region and launch data protection excellence centers locally to enhance the competencies of data protection professionals.”
