Personal Data
Protection Act
(“PDPA”)
Singapore
Agenda
1. PDPA Introduction
2. Nine Obligations relating to the Collection, Use or Disclosure
3. Do Not Call (“DNC Registry”)
4. Appeals & Penalty
5. In Conclusion
1. PDPA Introduction
a. The objective of the PDPA is to govern the collection, use, disclosure and care of
personal data by organisations.
b. In a manner that recognises and balances both
i. The right of individuals to protect their personal data
ii. The need of organisations to collect, use or disclose personal data
for genuine & reasonable commercial and operational purposes.
c. Organisations will be given a transitional period of 18 months to comply with the
PDPA, before the data protection provisions enter into force (from
2-Jan-2013; projected mid-2014).
1. PDPA Introduction (cont..)
Definitions of important terms
a. Individuals - “a natural person, whether living or deceased”
b. Personal data - “data, whether true or not, about an individual who can be identified from
that data; or other information to which the organisation is likely to have access”.
c. Organisations - “any individual, corporate bodies such as companies, and unincorporated
bodies of persons such as associations”.
d. Collection - “any act or set of acts through which an organisation obtains control over or
possession of personal data”.
e. Use - “any act or set of acts by which an organisation uses personal data. A particular use
of personal data may occasionally include collection or disclosure that is necessarily part
of the use”.
f. Disclosure - “any act or set of acts by which an organisation discloses, transfers or otherwise
makes available personal data that is under its possession to any other organisation”.
g. Purpose - “does not refer to activities which an organisation may intend to undertake but
to its objectives or reasons relating to personal data”.
h. Reasonableness - “any act based on what a reasonable person would consider
appropriate in the circumstances”
2. Nine Obligations relating to the Collection,
Use & Disclosure of Personal Data
1) The Consent Obligation
2) The Purpose Limitation Obligation
3) The Notification Obligation
4) The Access & Correction Obligation
5) The Accuracy Obligation
6) The Protection Obligation
7) The Retention Limitation Obligation
8) The Transfer Limitation Obligation
9) The Openness Obligation
2. Nine Obligations (cont..)
1) Consent obligation
a. An organisation must obtain the consent of the individual before
collecting, using or disclosing his personal data for a purpose.
I. Provision of Consent
i. Consent cannot be tied to the provision of a product or service
ii. Consent cannot be obtained by providing false information in order to collect, use or disclose personal
data.
II. Deemed Consent
i. An individual voluntarily provided his personal data
ii. The individual was aware of the purpose for which the personal data was collected
III. Withdrawal of Consent
i. An individual must give reasonable notice of the withdrawal to the organisation
ii. On receipt of notice, the organisation must inform the individual of the consequences
iii. An organisation must not prohibit an individual from withdrawing consent, although this does
not affect any legal consequences arising from such withdrawal
IV. Collection, use & disclosure Without Consent
i. Generally available to the public
ii. National interest
2. Nine Obligations (cont..)
2) Purpose limitation obligation
a. An organisation may collect, use or disclose personal data about an
individual only for purposes that a reasonable person would consider
appropriate in the circumstances.
b. The main objective is to ensure that organisations collect, use and disclose
personal data only for purposes that are reasonable.
Example:
A fashion retailer is conducting a membership drive. It states in the
membership registration form that the purposes for which it may use the
details provided by individuals who register include providing them with
updates on new products and promotions.
In this case, providing updates on new products and promotions may be a
reasonable purpose for a fashion retailer.
2. Nine Obligations (cont..)
3) Notification obligation
a. An organisation must notify the individual of the purpose(s) for which it
intends to collect, use or disclose the individual’s personal data.
b. The circumstances in which it will be collecting the personal data.
c. The amount of personal data to be collected.
d. The frequency at which the data will be collected.
Example:
Maya signs up for a spa membership over the Internet. The terms and
conditions for the spa membership outline and explain how Maya's personal
data will be used and disclosed.
For example, it states that Maya's address details will be used for sending her a
spa membership card and other communications from the spa. Maya clicks on
the “Accept” button at the bottom of the terms and conditions, to indicate her
acceptance of, and agreement to, the terms and conditions.
In this case, the spa has obtained Maya's consent for collection, use and
disclosure of her personal data in connection with the stated purposes.
2. Nine Obligations (cont..)
4) Access & Correction Obligation
a. An organisation must, upon request, provide an individual with his or
her personal data and also information about the ways in which the
personal data may have been used or disclosed during the past year.
b. Upon a correction request from an individual, the organisation is required to
consider, on reasonable grounds, whether the correction should be made.
c. Correct the data as soon as practicable and send the corrected personal
data to every other organisation to which the personal data was
disclosed by the organisation within a year before the date the
correction request was made.
Example:
Maya makes an access request to her spa, requesting information relating to
how her personal data has been used or disclosed. The request was made on
5th February 2013. The spa is only required to provide information on how her
personal data has been used or disclosed within the past year – that is, the period
from 6th February 2012 to the date of the request, 5th February 2013.
2. Nine Obligations (cont..)
5) Accuracy obligation
a. An organisation must make a reasonable effort to ensure that personal
data collected by or on behalf of the organisation is accurate and
complete if the personal data is likely -
i. To be used by the organisation to make a decision that affects the
individual to whom the personal data relates
ii. To be disclosed by the organisation to another organisation.
Example:
Nick applies for a home loan from a bank. The bank asks Nick to provide
relevant details such as his name, address, current employment status and
income, in order to assess whether to provide the loan to Nick.
Related to this, the bank asks Nick to provide supporting documents including
an identity document and his most recent payslip, in order to verify the
information provided by Nick. It also asks Nick to declare that the information
he has provided is accurate and complete.
In this scenario, the bank has made a reasonable effort to ensure that the
personal data collected from Nick is accurate and complete.
2. Nine Obligations (cont..)
6) Protection obligation
a. An organisation must protect personal data in its possession or under its
control by making reasonable security arrangements to prevent
unauthorised access, collection, use, disclosure, copying, modification,
disposal or similar risks.
b. It might be useful for organisations to undertake a risk assessment
exercise to ascertain whether their information security arrangements
are adequate.
Example:
In the employment context, it would be reasonable to expect a greater level of
security for highly confidential employee appraisals as compared to more
general information about the projects an employee has worked on.
2. Nine Obligations (cont..)
7) Retention limitation obligation
a. An organisation must cease to retain documents containing personal
data, or remove the means by which the personal data can be
associated with particular individuals as soon as it is reasonable to
assume that:
i. The purpose for which the personal data was collected is no longer
being served by retention of the personal data.
ii. Retention is no longer necessary for legal or business purposes
iii. Personal data should not be kept by an organisation “just in case”
it may be needed.
Example:
A dance school has collected personal data of its tutors and students. It
retains and uses such data (with the consent of the individuals), even if a
tutor or student is no longer with the dance school, for the purpose of
maintaining an alumni network. As the dance school is retaining the
personal data for a valid purpose, it is not required to cease to retain the
data under the Retention Limitation Obligation.
2. Nine Obligations (cont..)
8) Transfer limitation obligation
a. An organisation shall not transfer any personal data to a country or
territory outside Singapore unless the organisation provides a standard of
protection to the personal data.
b. Transferring organisations must further ensure that receiving
organisations have in place appropriate internal policies governing their
employees, agents and sub-contractors who have access to any
personal data received by the receiving organisation from a transferring
organisation.
2. Nine Obligations (cont..)
9) Openness obligation
a. An organisation must implement the necessary policies and procedures
in order to meet its obligations under the PDPA and shall make
information.
b. To develop a process to receive and respond to complaints that may
arise with respect to the application of the PDPA.
c. To communicate with its staff informing about its data protection
policies and practices
d. To make information available on request about its data protection
policies and practices and its process to receive and respond to
complaints.
3. Do Not Call Registry (“DNC Registry”)
a. This Act provides for the setting up of a DNC Registry, which will allow
individuals to register their phone numbers to opt-out of marketing or
premium service messages from organisations.
b. Organisations will be required by law to check with the registry and
ensure that they do not send messages to the numbers registered
unless they have obtained clear and explicit consent.
c. Exceptions such as messages without commercial elements would not
be covered by the DNC Registry at this stage.
For example, messages:
- Promoting political or national programmes
- For voluntary services, such as requesting donations or supporting charitable causes
- To provide information such as warranty, security or goods delivery details
- To conduct market research or market surveys
3. Do Not Call Registry (cont..)
a. The DNC Registry accepts registration of Singapore telephone numbers,
including mobile, fixed-line, residential and business numbers, but
overseas telephone numbers are not registered.
b. Sending of Business-to-Business (B2B) marketing messages is not
currently covered by the requirements relating to the DNC Registry
Example:
John calls an employee of ABCD Childcare Pte Ltd (“ABCD”), Mary,
through her business contact number (which John obtained from ABCD’s
website) to promote a product which he thinks ABCD would purchase for use
at its childcare centres.
Such a call is not a specified message for the purposes of the Do Not Call
Provisions.
PDPA - Do Not Call
- Phone calls
- Fax messages
Spam Control Act
- Email
- Text messages
- MMS messages
Physical mail
4. Appeal & Penalty Enforcement
Appeal
a. After the Sunrise Period, the DPC (Data Protection Commission) is
authorised to conduct investigations to review complaints, or initiate
investigations on its own accord.
i. Appeal from direction or decision of Commission
ii. Appeals to High Court and Court of Appeal
Penalty
a. A District Court will have authority and power to impose the full penalty
or punishment in respect of the offence.
b. Any person guilty of an offence under this Act shall be liable on
conviction to a fine not exceeding $10,000 or to imprisonment for a
term not exceeding 3 years or both.
c. In the case of a continuing offence, to a further fine not exceeding $1,000
for every day.
d. For an organisation, a financial penalty of an amount not exceeding $1
million.
5. In Conclusion
a. Purpose & objective of the PDPA.
b. Rules and regulations of the DNC Registry
c. The DNC Registry is expected to be ready for public registration by early
2014, with the personal data protection provisions coming into force in mid-2014.
d. The requirement of at least one designated individual within each
organisation to be responsible for compliance with the PDPA (“Data
Protection Officer”)

Gain Visibility & Control of IT Assets in a Perimeterless WorldGain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless World
 

Recently uploaded

VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒anilsa9823
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update  Presentation SlidesKeppel Ltd. 1Q 2024 Business Update  Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in managementchhavia330
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...noida100girls
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfCatalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfOrient Homes
 
DEPED Work From Home WORKWEEK-PLAN.docx
DEPED Work From Home  WORKWEEK-PLAN.docxDEPED Work From Home  WORKWEEK-PLAN.docx
DEPED Work From Home WORKWEEK-PLAN.docxRodelinaLaud
 

Recently uploaded (20)

VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update  Presentation SlidesKeppel Ltd. 1Q 2024 Business Update  Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in management
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfCatalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
 
DEPED Work From Home WORKWEEK-PLAN.docx
DEPED Work From Home  WORKWEEK-PLAN.docxDEPED Work From Home  WORKWEEK-PLAN.docx
DEPED Work From Home WORKWEEK-PLAN.docx
 

PDPA Guide Singapore

  • 2. 2 Agenda 1. PDPA Introduction 2. Nine Obligations relating to the Collection, Use or Disclosure 3. Do not Call (“DNC Registry”) 4. Appeals & Penalty 5. In Conclusion
  • 3. 3 1. PDPA Introduction a. The PDPA's objective is to govern the collection, use, disclosure and care of personal data by organisations. b. In a manner that recognises and balances both i. The right of individuals to protect their personal data ii. The need of organisations to collect, use or disclose personal data for genuine & reasonable commercial and operational purposes. c. Organisations will be given a transitional 18 months to comply with the PDPA, before the data protection provisions enter into force (from 2-Jan-2013, projected mid-2014).
  • 4. 4 1. PDPA Introduction (cont..) Definitions of important terms a. Individuals - “a natural person, whether living or deceased”. b. Personal data - “data, whether true or not, about an individual who can be identified from that data; or other information to which the organisation is likely to have access”. c. Organisations - “any individual, corporate bodies such as company and unincorporated bodies of persons such as associations”. d. Collection - “any act or set of acts through which an organisation obtains control over or possession of personal data”. e. Use - “any act or set of acts by which an organisation uses personal data. A particular use of personal data may occasionally include collection or disclosure that is necessarily part of the use”. f. Disclosure - “any act or set of acts by which an organisation discloses, transfers or otherwise makes available personal data that is under its possession to any other organisation”. g. Purpose - “does not refer to activities which an organisation may intend to undertake but its objectives or reasons relating to personal data”. h. Reasonableness - “any act based on what a reasonable person would consider appropriate in the circumstances”.
  • 5. 5 2. Nine Obligations relating to the Collection, Use & Disclosure of Personal Data 1) The Consent Obligation 2) The Purpose Limitation Obligation 3) The Notification Obligation 4) The Access & Correction Obligation 5) The Accuracy Obligation 6) The Protection Obligation 7) The Retention Limitation Obligation 8) The Transfer Limitation Obligation 9) The Openness Obligation
  • 6. 6 2. Nine Obligations (cont..) 1) Consent obligation a. An organisation must obtain the consent of the individual before collecting, using or disclosing his personal data for a purpose. I. Provision of Consent i. Cannot be tied up by means of a product or service ii. Cannot attempt to collect, use or disclose personal data by providing false information. II. Deemed Consent i. An individual voluntarily provided his personal data ii. The individual was aware of the purpose for which the personal data was collected III. Withdrawal of Consent i. An individual must give reasonable notice of the withdrawal to the organisation ii. On receipt of notice, the organisation must inform the individual of the consequences iii. An organisation will not disallow an individual from withdrawing, although this does not affect any legal consequences from such withdrawal IV. Collection, use & disclosure without Consent i. Generally available to public ii. National interest
  • 7. 7 2. Nine Obligations (cont..) 2) Purpose limitation obligation a. An organisation may collect, use or disclose personal data about an individual only for purposes that a reasonable person would consider appropriate in the circumstances. b. Main objective is to ensure that organisations collect, use and disclose personal data only for purposes that are reasonable. Example: A fashion retailer is conducting a membership drive. It states in the membership registration form that the purposes for which it may use the details provided by individuals who register include providing them with updates on new products and promotions. In this case, providing updates on new products and promotions may be a reasonable purpose for a fashion retailer.
  • 8. 8 2. Nine Obligations (cont..) 3) Notification obligation a. An organisation must notify the individual of the purpose(s) for which it intends to collect, use or disclose the individual’s personal data. b. The circumstances in which it will be collecting the personal data. c. The amount of personal data to be collected. d. The frequency at which the data will be collected. Example: Maya signs up for a spa membership over the Internet. The terms and conditions for the spa membership outline and explain how Maya's personal data will be used and disclosed. For example, it states that Maya's address details will be used for sending her a spa membership card and other communications from the spa. Maya clicks on the “Accept” button at the bottom of the terms and conditions, to indicate her acceptance of, and agreement to, the terms and conditions. In this case, the spa has obtained Maya's consent for collection, use and disclosure of her personal data in connection with the stated purposes.
  • 9. 9 2. Nine Obligations (cont..) 4) Access & Correction Obligation a. An organisation must, upon request, provide an individual with his or her personal data and also information about the ways in which the personal data may have been used or disclosed during the past year. b. Upon a correction request from an individual, the organisation is required to consider whether the correction should be made; it will be based on reasonable grounds. c. Correct the data as soon as practicable and send the corrected personal data to every other organisation to which the personal data was disclosed by the organisation within a year before the date the correction request was made. Example: Maya makes an access request to her spa, requesting information relating to how her personal data has been used or disclosed. The request was made on 5th February 2013. The spa is only required to provide information on how her personal data has been used or disclosed within the past year – that is, the period from 6th February 2012 to the date of the request, 5th February 2013.
  • 10. 10 2. Nine Obligations (cont..) 5) Accuracy obligation a. An organisation must make a reasonable effort to ensure that personal data collected by or on behalf of the organisation is accurate and complete if the personal data is likely - i. To be used by the organisation to make a decision that affects the individual to whom the personal data relates ii. To be disclosed by the organisation to another organisation. Example: Nick applies for a home loan from a bank. The bank asks Nick to provide relevant details such as his name, address, current employment status and income, in order to assess whether to provide the loan to Nick. Related to this, the bank asks Nick to provide supporting documents including an identity document and his most recent payslip, in order to verify the information provided by Nick. It also asks Nick to declare that the information he has provided is accurate and complete. In this scenario, the bank has made a reasonable effort to ensure that the personal data collected from Nick is accurate and complete.
  • 11. 11 2. Nine Obligations (cont..) 6) Protection obligation a. An organisation must protect personal data in its possession or under its control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. b. It might be useful for organisations to undertake a risk assessment exercise to ascertain whether their information security arrangements are adequate. Example: In the employment context, it would be reasonable to expect a greater level of security for highly confidential employee appraisals as compared to more general information about the projects an employee has worked on.
  • 12. 12 2. Nine Obligations (cont..) 7) Retention limitation obligation a. An organisation must cease to retain documents containing personal data, or remove the means by which the personal data can be associated with particular individuals, as soon as it is reasonable to assume that: i. The purpose for which the personal data was collected is no longer being served by retention of the personal data. ii. Retention is no longer necessary for legal or business purposes. iii. Personal data should not be kept by an organisation “just in case” it may be needed. Example: A dance school has collected personal data of its tutors and students. It retains and uses such data (with the consent of the individuals), even if a tutor or student is no longer with the dance school, for the purpose of maintaining an alumni network. As the dance school is retaining the personal data for a valid purpose, it is not required to cease to retain the data under the Retention Limitation Obligation.
  • 13. 13 2. Nine Obligations (cont..) 8) Transfer limitation obligation a. An organisation shall not transfer any personal data to a country or territory outside Singapore unless the organisation provides a standard of protection to personal data. b. Transferring organisations must further ensure that receiving organisations have in place appropriate internal policies governing their employees, agents and sub-contractors who have access to any personal data received by the receiving organisation from a transferring organisation.
  • 14. 14 2. Nine Obligations (cont..) 9) Openness obligation a. An organisation must implement the necessary policies and procedures in order to meet its obligations under the PDPA and shall make information. b. To develop a process to receive and respond to complaints that may arise with respect to the application of the PDPA. c. To communicate with its staff, informing them about its data protection policies and practices. d. To make information available on request about its data protection policies and practices and its process to receive and respond to complaints.
  • 15. 15 3. Do Not Call Registry (“DNC Registry”) a. This Act provides for the setting up of a DNC Registry, which will allow individuals to register their phone numbers to opt out of marketing or premium service messages from organisations. b. Organisations will be required by law to check with the registry and ensure that they do not send messages to the numbers registered unless they have obtained clear and explicit consent. c. Exceptions such as messages without commercial elements would not be covered by the DNC Registry at this stage. For example, messages on - Promoting political, national programs - Voluntary service like requesting donations, charitable causes - To provide information like warranty, security, goods delivery - To conduct market research or market survey
  • 16. 16 3. Do Not Call Registry (cont..) a. The DNC registry accepts registration of Singapore telephone numbers, including mobile, fixed-line, residential and business numbers, but overseas telephone numbers are not registered. b. Sending of Business-to-Business (B2B) marketing messages is not currently covered by the requirements relating to the DNC registry. Example: John calls an employee of ABCD Childcare Pte Ltd (“ABCD”), Mary, through her business contact number (which John obtained from ABCD’s website) to promote a product which he thinks ABCD would purchase for use at its childcare centres. Such a call is not a specified message for the purposes of the Do Not Call Provisions. PDPA - Do Not Call - Phone calls - Fax messages Spam Control Act - Email - Text messages - MMS messages Physical mail
  • 17. 17 3. Do Not Call Registry (cont..)
  • 18. 18 4. Appeal & Penalty Enforcement Appeal a. After the Sunrise Period, the DPC (Data Protection Commission) is authorised to conduct investigations to review complaints, or initiate investigations of its own accord. i. Appeal from direction or decision of Commission ii. Appeals to High Court and Court of Appeal Penalty a. A District Court will have authority and power to impose the full penalty or punishment in respect of the offence. b. Any person guilty of offences under this Act shall be liable on conviction to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or both. c. In case of a continuing offence, to a further fine not exceeding $1,000 for every day. d. For an organisation, a financial penalty of an amount not exceeding $1 million.
  • 19. 19 5. In Conclusion a. Purpose & Objective of PDPA. b. Rule and Regulation of DNC registry. c. The DNC Registry is expected to be ready for public registration by early 2014 & Personal data protection coming into force in mid 2014. d. The requirement of at least one designated individual within each organisation to be responsible for compliance with the PDPA (“Data Protection Officer”).