Unlocking business value with accountable use of data

Use of data in the digital economy enables businesses to spot new trends or threats and move more quickly than their competitors. As businesses start to seize these opportunities, it is important that their use of data is backed by sound data protection principles so that they can innovate with confidence and help create a digital economy built on a foundation of trust.

Data-driven innovation has become a key pillar of 21st-century growth. It has the potential to significantly enhance productivity, resource efficiency, economic competitiveness, and social well-being. In fact, a study by Tableau Software and YouGov1 found that more than 80 percent of data-driven businesses gained business advantages despite COVID-19, because they could make decisions faster and communicate more effectively with stakeholders.

With data-driven insights, businesses are able to identify less productive business areas for review and target their marketing budget to customer segments that matter most.

This was what e-commerce company, Kearea, discovered in their data analytics journey. Using insights generated from data on sales and stock movements, they were able to map associations between products that customers were buying. For instance, they found that customers would often buy vacuum cleaners together with filter packs. Based on such insights, they were able to stock products in appropriate ratios and eliminate issues with stagnant inventory, and saw a 50 percent growth in the business.

Before businesses can realise these opportunities, however, many find themselves grappling with questions such as:

  • What data can we use?
  • How do we make sense of it?
  • How do we ensure that we are compliant with data protection laws when using the data for business decision-making?

Balancing the innovation impetus against data accountability

In a move to pivot from mere compliance to accountability, Singapore introduced amendments to the Personal Data Protection Act (PDPA) in 2020 to support organisations’ use of data to thrive amidst new technology, business models and global developments in the digital economy.

The Business Improvement Exception and Legitimate Interests Exception were introduced as part of the amendments, allowing businesses to use personal data that they have without having to obtain additional consent from individuals, so long as there are valid exceptions and safeguards in place in ensure accountability.

For example, businesses can rely on the Business Improvement Exception when the use of personal data is necessary to enhance business processes, or can help in the personalisation of goods or services through a better understanding of the activities and preferences of customers. The Legitimate Interests Exception applies when the use is for legitimate interests, and a risk assessment has to be conducted to ensure the legitimate interests outweighs any adverse effect on the individual.

Applying data protection principles to data use

Alibaba Group is one example of an enterprise which leveraged on the Business Improvement and Legitimate Exceptions to address market research and customer service challenges, as well as its ongoing challenge with risk management. To address these issues, the e-commerce company relied on the exceptions to develop tools for collecting and analysing personal data and applying the insights to deliver better business outcomes.

For instance, its Data Management Platform relies on the Business Improvement Exception to pull together and analyse consumers’ data and help merchants identify groups of customers they can approach for targeted marketing and promotional campaigns. Applying the same exception, its automated customer service chatbot is trained on communication data between sellers and buyers to optimise the algorithm for generating responses to customer inquiries.

Relying on the Legitimate Interest Exception, Alibaba developed a centralised risk control tool that helped detect and address existing or potential risks by processing all relevant personal data under its possession.

While the exceptions ensure that the use of data is underpinned by sound data protection principles, businesses relying on them should also ensure sufficient data protection measures in place to safeguard customers’ interests. For example, meeting data minimisation requirements to protect users’ raw data and privacy rights under the PDPA.

For Alibaba, this meant using only anonymised data and ensuring that data is desensitised before it is processed for data analytics or algorithm training. This ensures that only the necessary data is used and there is no access to the original raw data. Customers can also opt out of receiving marketing messages at any time, and in situations where users are adversely affected by the decisions or actions generated by the tools, channels are provided for them to provide feedback.

Ensuring a foundation built on trust

When businesses have the trust of consumers, they can build brand equity and gain access to the data they need to drive innovation at the same time.

It is important, therefore, to undergird the use of data with good data protection principles to build a data-driven culture based on accountability, as highlighted in the panel discussions at the recent Personal Data Protection Seminar 2021.

For a start, businesses should ensure that their policies and practices comply with the obligations under the PDPA, and these policies and processes are effectively implemented. This can be done easily by implementing a Data Protection Management Programme (DPMP) to review and benchmark their existing personal data protection policies and practices to establish a robust data protection infrastructure.

Businesses may also choose to engage independent third-party assessors to certify their data protection policies and practices through the Data Protection Trustmark (DPTM) certification as an accountability tool to demonstrate to their customers and business partners that sound data protection practices are in place to manage personal data.


Akin to brake pedals in a car, data protection provides the ‘drivers’ - in this case businesses - added assurance to accelerate at higher speeds, knowing that there are safeguards in place to mitigate any risks in a timely manner. Without it, the fear of uncertainty may often lead to businesses taking the safer but longer route to growth and innovation.

The benefits of data-driven innovation accrue to all businesses big or small, and having accountable data protection practices like these will provide businesses with a firm foundation for data-driven innovation. By building a data-driven culture based on accountability, businesses will be able to innovate with confidence and thrive amidst new technology, business models and global developments in the digital economy.