Recommended
More Related Content
What's hot
What's hot (20)
Similar to Malaysia's PDPA and GDPR Impact on MyCEB
Similar to Malaysia's PDPA and GDPR Impact on MyCEB (20)
Recently uploaded
Recently uploaded (20)
Malaysia's PDPA and GDPR Impact on MyCEB
- 1. Malaysia: Personal Data Protection Act (PDPA) 2010 Hairul Hafiz B Hasbullah Data Protection (Part 5) Impact of EU General Data Protection Regulation on MyCEB
- 2. OBJECTIVE • Refresher • The key difference between EU General Data Protection Regulation (GDPR) and PDPA 2010 • The Impact the GDPR has on Malaysia Organisations ( MyCEB) • MyCEB Personal Data Protection framework
- 3. REFRESHER What is Personal Data Information about an individual that is recorded in any form Types of Data Data Subject/ User/Processor
- 4. TYPES OF PERSONAL DATA ? • Home address • Home telephone number • Age, date of birth, gender • Blood type • Ethnicity, nation of origin, colour of skin • Religious beliefs • Health care/medical history • Marital status • Identifying numbers (NRIC) • Credit card numbers • Criminal records, fingerprints • Curriculum vitae • Educational history • Financial history • Employment information • Exact salary
- 5. WHAT IS SENSITIVE DATA? • the physical or mental health of a data subject • his political opinions • his religious beliefs • the commission by him of any offence; or • any other personal data determined by the Minister Note : can only be processed under specific circumstances set out in PDPA (including explicit consent by data subject) Any personal data consisting:
- 6. REFRESHER What is the 7 Principles? 1 General 2 Notice & Choice 3 Disclosure 4 Security 5 Retention 6 Integrity 7 Access
- 7. MyCEB PDPA POLICY AND CLAUSES
- 8. MyCEB PDPA POLICY AND CLAUSES MyCEB Website Policy
- 9. WHERE ARE WE ? Collection of Personal Data 1 Do you collect personal data about your customer 2 Do you have a personal data inventory map on ( what data is collected?/ who collects?/ where it is stored?/ who it is disclosed to? 3 When collecting personal data, do you clearly inform the individual the purpose for which it will be collected and obtain consent? 4 Do you ensure that 3rd party has obtained consent from the individuals to disclose the personal data? 5 Is there a formal process for the withdrawal of consent by individuals in respect of the collection?
- 10. WHERE ARE WE ? Use Of Personal Data 6 Do you limit the use of personal data collected to only purposes that you have obtained consent for? 7 Before data protection requirements of the PDPA come into operation, are you using the personal data only for purposes that it was collected for? Disclosure of Personal Data 8 Do you limit the disclosure of personal data collected to only purposes that you have obtained consent for?
- 11. WHERE ARE WE ? Retention Limitation 15 Is there regular data housekeeping 16 Do you remove personal data no longer needed for business or legal purposes?
- 13. BACKGROUND OF GDPR • The Data Protection Act 1998 • EU GDPR effective 25 May 2018 • 99 Articles in the Regulation GDPR
- 15. WHAT DO YOU NEED TO DO at Your Workplace ? 11 things
- 16. GDPR APPLIES TO MALAYSIA IF THEY a. have subsidiary or branch in the EU; b. Offer goods or services to individuals in the EU; or c. Monitor behaviour that takes place within EU Note: Malaysian organisations subject to the jurisdictional reach of the GDPR must appoint an EU-based representative
- 17. • Data Breach Notification within 72 hours • Appointment of data protection officer (DPO) • Introduction of the right to erasure or to be forgotten • Introduction of right to data portability • Rights related to automated decision making & profiling • Consent • Special categories (sensitive data) • Privacy notice KEY HIGHLIGHTS OF GDPR
- 18. ACTION PLAN MyCEB Implementation: Stage 2 • Forms & Agreements (Internal & External) • Person In Charge for each Division • Established Retention Policy on Data • Housekeeping & Erase(Clean up Data and update) • Provide an access for Data Subject to amend • Exercise PDPA Policy Form across the board • Amendment of website policy on PDPA • Issue emails to client on the update on the policy