Any organization that handles or processes personal data of individual residing in Singapore need to comply with the Personal Data Protection Act (PDPA). Often such responsibilities are assigned to the IT department. Many tools and techniques of ITIL, a best practice for IT service management, can be refactored for facilitating the implementation of a PDPA, thereby enabling the compliant to the law. This presentation describes how ITIL's CSI approach can be used an approach for management a PDPA program.