"It is therefore advisable that businesses take action as soon as possible to implement compliance initiatives, which should include identifying personal data being collected and the purpose of collecting such data; issuing personal data protection notices to customers; applying processes to comply with security, retention, accuracy and access requirements; and auditing compliance from time to time," he said.
Thiel said companies that handle any personal data or information that "relates directly or indirectly to an individual (data subject), is material that enables a data user to identify an individual (employee, customer, visitor etc.) and can take the form of hard copy (paper) data, or soft copy (electronic) data."
"The Act introduces a broad regime that imposes responsibilities upon businesses and organisations that manage and process personal data as part of any commercial transactions," he said.
"Processing information means collecting, recording, holding or storing personal data; or the authority/control over the processing of personal data, such as through an outsourcing agreement," said Thiel.
Sign up for CIO Asia eNewsletters.