Speech by Pn Adlin Abdul Majid, Advocate & Solicitor from Lee Hishamuddin, given in Labour Law Seminar held by Legal Plus Sdn. Bhd (www.legalplus.com.my) on Apr 9, 2015
The Personal Data Protection Act 2010 has come into force in Malaysia. These slides explain the governing principles in order for you to have an overview whether your company is ready to comply.
The Personal Data Protection Act 2010 has come into force in Malaysia. These slides explain the governing principles in order for you to have an overview whether your company is ready to comply.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
Data Privacy Trends in 2021: Compliance with New RegulationsPECB
The pandemic has changed the way the world works, shops, and interact; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information and the results of these various influences has been an enhancement of privacy legislations globally. Compliance with global security laws is now also a larger concern for organizations everywhere.
The webinar will cover:
Global trends in privacy legislations
Some commonalities between privacy laws
Compliance requirements which can affect your organization
Recorded webinar > https://www.youtube.com/watch?v=BKWf6GTlgAM&feature=youtu.be
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
https://pecb.com/en/education-and-cer...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykEryk Budi Pratama
Presented at Orang Siber Indonesia webinar.
11 July 2020
Topic: Data Protection: Basic Regulation and Technical Aspects
This presentation covers:
> Indonesia Data Protection Bill
> Data Masking
> Identity & Access Management
> Data Loss Prevention
Join us (for Indonesian):
t.me/orangsiber
t.me/dataprotectionid
Norfolk Chamber delivered a morning conference based around the European General Data Protection Regulation (GDPR), which will come into force on May 25 2018. Delegates heared from a variety of GDPR expert speakers from legal, marketing, IT and Data Protection perspectives.
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
How GDPR works : companies will be expected to be
fully compliant from 25 May 2018. The regulation
is intended to establish one single set of data
protection rules across Europe
Privacy-ready Data Protection Program ImplementationEryk Budi Pratama
Presented at CDEF 16th Meetup at 18 August 2022.
Title:
Privacy-ready Data Protection Program Implementation
Topics:
- Why data protection is important
- Data Privacy Program Domain
- Operationalize Data Privacy Program
- Privacy-aligned Information Security Framework
- Roadmap to Protect Personal Data
- Privacy Management Technology
The CCPA is set to be the toughest privacy law in the United States and a trailblazer for future state and potentially federal legislation. The Act expands the rights of consumers and requires businesses falling within its scope to be significantly more transparent about how they collect, use, and disclose personal information. Any business in scope are required to enhance their data management practices, expand their individual rights processes, and update their privacy policies by the 2020 deadline.
This webinar will review:
-10 step plan to reach CCPA compliance by the end of the year
-Key areas still under discussion and feedback from open forums
-How enforcement will work; private action and regulator enforcement
Understanding the EU's new General Data Protection Regulation (GDPR)Acquia
In 2016, the European Union (EU) approved its General Data Protection Regulation (GDPR) to protect European citizens’ data. As a regulation, the GDPR does not require the implementation of legislation, and will immediately become an applicable law as of the 25th of May, 2018.
What is GDPR exactly trying to accomplish? According to the official documents, the goal is the “protection of natural persons with regard to the processing of personal data and on the free movement of such data.”
In short, organizations that conduct business in the EU will need to be compliant with GDPR, and must come to terms with the huge fines that non-compliance can carry. Fines can be up to €20M or 4% of the annual turnover. For companies that experience breaches that result in the loss of personal data (such as Talk Talk, which lost 170,000 people’s data), the fines will be tremendous.
Join us for discussion about GDPR to learn more about:
The principles that organizations that use personal data need to adhere to
The consequences organizations can face if that do not adhere to this new regulation
How your organization can prepare for the future
25th May 2018 marks the enforcement date of EU’s General Data Protection Regulation. This new regulation strives to increase privacy for individuals and penalize businesses in breach. The complexity organizations face in managing consumer data is driving the growth of privacy tech solutions that decisively address a slew of privacy compliance challenges.
An In House Counsel and Privacy Practitioners update on the changed regulatory landscape.
The Privacy and Data Protection Act 2014 received Royal Assent on 2 September 2014.
The new legislation replaces the Information Privacy Act 2000, and the Commissioner for Law Enforcement Data Security Act 2005, with a unified scheme governing the handling of personal information and data by Victorian Public sector agencies.
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTIEryk Budi Pratama
UU No 27 Tahun 2022 tentang Pelindungan Data Pribadi (“UU PDP”) telah disahkan pada bulan Oktober 2022 dan saat ini telah memasuki masa tenggang. Ketiadaan peraturan teknis / turunan membuat banyak organisasi masih ragu dalam menetapkan arah dan mengimplementasikan UU PDP sesuai dengan peraturan perundang-undangan yang berlaku. Salah satu aspek penting dalam UU PDP adalah terkait penunjukan Pejabat/Petugas yang melaksanakan fungsi Pelindungan Data Pribadi (PPDP) atau Data Protection Officer (DPO) seperti yang diamanatkan oleh UU PDP Pasal 53 dan 54.
Melalui Keputusan Menteri Ketenagakerjaan Republik Indonesia Nomor 103 Tahun 2023 tentang Penetapan Standar Kompetensi Kerja Nasional Indonesia Kategori Informasi dan Komunikasi Golongan Pokok Aktivitas Pemrograman, Konsultasi Komputer dan Kegiatan yang Berhubungan dengan Itu (YBDI) Bidang Keahlian Pelindungan Data Pribadi yang ditetapkan pada tanggal 23 Juni 2023, maka standar kompetensi PPDP/DPO telah sah untuk dapat dijadikan rujukan dalam menentukan kompetensi SDM, kebutuhan rekrutmen, pelatihan, dan sertifikasi terkait dengan Pelindungan Data Pribadi.
Ringkasan Standar Kompentensi / SKKNI Pelindungan Data Pribadi ini disusun untuk memudahkan masyarakat dalam memahami secara ringkas 4 Fungsi Kunci, 8 Fungsi Utama, dan 19 Fungsi Dasar yang telah disusun oleh Tim Perumus dan Kementerian Komunikasi dan Informatika Republik Indonesia, serta disahkan oleh Menteri Ketenagakerjaan Republik Indonesia. Semoga ringkasan SKKNI PDP ini dapat bermanfaat dan memberikan panduan secara ringkas tidak hanya perihal kompetensi PPDP/DPO, namun juga hal-hal yang dapat dilakukan oleh organisasi dalam menerapkan Program Pelindungan Data Pribadi.
Salam,
Eryk Budi Pratama, CIPM, CIPP/E, FIP
Chairman - Institute of Digital Trust Indonesia (IODTI)
Tim Perumus SKKNI Pelindungan Data Pribadi
Tim Perumus Rancangan Peraturan Pemerintah Pelindungan Data Pribadi (“RPP PDP”)
eryk@digitaltrustid.org
Philippine Data Privacy Law is in Republic Act No. 10173, otherwise known as the " Data Privacy Act of 2012".
In summary:
1) Processing of personal information is allowed – so long as it complies with the law.
2) As much as possible, consent should be obtained from the Data Subject for the processing of personal information.
3) The confidentiality, integrity, and availability of the personal information should be ensured.
4) Sensitive and personal information are prohibited – unless in exceptional cases.
5) Philippine Data Privacy Law has extraterritorial application and thus violations may be penalized even if done outside the Philippines.
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSoneraSonera
Titta Penttilä's research "Outsourcing and transfer of personal data" for Information Security Training Program at Aalto University/ Aalto Pro 16.01.2012. Titta Penttilä is Senior Security Manager at TeliaSonera.
Complying with Singapore Personal Data Protection Act - A Practical GuideDaniel Li
A practical guide of how to comply with the provisions in Singapore Personal Data Protection Act from people, process, and technology (Microsoft specific) perspective.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
Data Privacy Trends in 2021: Compliance with New RegulationsPECB
The pandemic has changed the way the world works, shops, and interact; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information and the results of these various influences has been an enhancement of privacy legislations globally. Compliance with global security laws is now also a larger concern for organizations everywhere.
The webinar will cover:
Global trends in privacy legislations
Some commonalities between privacy laws
Compliance requirements which can affect your organization
Recorded webinar > https://www.youtube.com/watch?v=BKWf6GTlgAM&feature=youtu.be
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
https://pecb.com/en/education-and-cer...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykEryk Budi Pratama
Presented at Orang Siber Indonesia webinar.
11 July 2020
Topic: Data Protection: Basic Regulation and Technical Aspects
This presentation covers:
> Indonesia Data Protection Bill
> Data Masking
> Identity & Access Management
> Data Loss Prevention
Join us (for Indonesian):
t.me/orangsiber
t.me/dataprotectionid
Norfolk Chamber delivered a morning conference based around the European General Data Protection Regulation (GDPR), which will come into force on May 25 2018. Delegates heared from a variety of GDPR expert speakers from legal, marketing, IT and Data Protection perspectives.
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
How GDPR works : companies will be expected to be
fully compliant from 25 May 2018. The regulation
is intended to establish one single set of data
protection rules across Europe
Privacy-ready Data Protection Program ImplementationEryk Budi Pratama
Presented at CDEF 16th Meetup at 18 August 2022.
Title:
Privacy-ready Data Protection Program Implementation
Topics:
- Why data protection is important
- Data Privacy Program Domain
- Operationalize Data Privacy Program
- Privacy-aligned Information Security Framework
- Roadmap to Protect Personal Data
- Privacy Management Technology
The CCPA is set to be the toughest privacy law in the United States and a trailblazer for future state and potentially federal legislation. The Act expands the rights of consumers and requires businesses falling within its scope to be significantly more transparent about how they collect, use, and disclose personal information. Any business in scope are required to enhance their data management practices, expand their individual rights processes, and update their privacy policies by the 2020 deadline.
This webinar will review:
-10 step plan to reach CCPA compliance by the end of the year
-Key areas still under discussion and feedback from open forums
-How enforcement will work; private action and regulator enforcement
Understanding the EU's new General Data Protection Regulation (GDPR)Acquia
In 2016, the European Union (EU) approved its General Data Protection Regulation (GDPR) to protect European citizens’ data. As a regulation, the GDPR does not require the implementation of legislation, and will immediately become an applicable law as of the 25th of May, 2018.
What is GDPR exactly trying to accomplish? According to the official documents, the goal is the “protection of natural persons with regard to the processing of personal data and on the free movement of such data.”
In short, organizations that conduct business in the EU will need to be compliant with GDPR, and must come to terms with the huge fines that non-compliance can carry. Fines can be up to €20M or 4% of the annual turnover. For companies that experience breaches that result in the loss of personal data (such as Talk Talk, which lost 170,000 people’s data), the fines will be tremendous.
Join us for discussion about GDPR to learn more about:
The principles that organizations that use personal data need to adhere to
The consequences organizations can face if that do not adhere to this new regulation
How your organization can prepare for the future
25th May 2018 marks the enforcement date of EU’s General Data Protection Regulation. This new regulation strives to increase privacy for individuals and penalize businesses in breach. The complexity organizations face in managing consumer data is driving the growth of privacy tech solutions that decisively address a slew of privacy compliance challenges.
An In House Counsel and Privacy Practitioners update on the changed regulatory landscape.
The Privacy and Data Protection Act 2014 received Royal Assent on 2 September 2014.
The new legislation replaces the Information Privacy Act 2000, and the Commissioner for Law Enforcement Data Security Act 2005, with a unified scheme governing the handling of personal information and data by Victorian Public sector agencies.
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTIEryk Budi Pratama
UU No 27 Tahun 2022 tentang Pelindungan Data Pribadi (“UU PDP”) telah disahkan pada bulan Oktober 2022 dan saat ini telah memasuki masa tenggang. Ketiadaan peraturan teknis / turunan membuat banyak organisasi masih ragu dalam menetapkan arah dan mengimplementasikan UU PDP sesuai dengan peraturan perundang-undangan yang berlaku. Salah satu aspek penting dalam UU PDP adalah terkait penunjukan Pejabat/Petugas yang melaksanakan fungsi Pelindungan Data Pribadi (PPDP) atau Data Protection Officer (DPO) seperti yang diamanatkan oleh UU PDP Pasal 53 dan 54.
Melalui Keputusan Menteri Ketenagakerjaan Republik Indonesia Nomor 103 Tahun 2023 tentang Penetapan Standar Kompetensi Kerja Nasional Indonesia Kategori Informasi dan Komunikasi Golongan Pokok Aktivitas Pemrograman, Konsultasi Komputer dan Kegiatan yang Berhubungan dengan Itu (YBDI) Bidang Keahlian Pelindungan Data Pribadi yang ditetapkan pada tanggal 23 Juni 2023, maka standar kompetensi PPDP/DPO telah sah untuk dapat dijadikan rujukan dalam menentukan kompetensi SDM, kebutuhan rekrutmen, pelatihan, dan sertifikasi terkait dengan Pelindungan Data Pribadi.
Ringkasan Standar Kompentensi / SKKNI Pelindungan Data Pribadi ini disusun untuk memudahkan masyarakat dalam memahami secara ringkas 4 Fungsi Kunci, 8 Fungsi Utama, dan 19 Fungsi Dasar yang telah disusun oleh Tim Perumus dan Kementerian Komunikasi dan Informatika Republik Indonesia, serta disahkan oleh Menteri Ketenagakerjaan Republik Indonesia. Semoga ringkasan SKKNI PDP ini dapat bermanfaat dan memberikan panduan secara ringkas tidak hanya perihal kompetensi PPDP/DPO, namun juga hal-hal yang dapat dilakukan oleh organisasi dalam menerapkan Program Pelindungan Data Pribadi.
Salam,
Eryk Budi Pratama, CIPM, CIPP/E, FIP
Chairman - Institute of Digital Trust Indonesia (IODTI)
Tim Perumus SKKNI Pelindungan Data Pribadi
Tim Perumus Rancangan Peraturan Pemerintah Pelindungan Data Pribadi (“RPP PDP”)
eryk@digitaltrustid.org
Philippine Data Privacy Law is in Republic Act No. 10173, otherwise known as the " Data Privacy Act of 2012".
In summary:
1) Processing of personal information is allowed – so long as it complies with the law.
2) As much as possible, consent should be obtained from the Data Subject for the processing of personal information.
3) The confidentiality, integrity, and availability of the personal information should be ensured.
4) Sensitive and personal information are prohibited – unless in exceptional cases.
5) Philippine Data Privacy Law has extraterritorial application and thus violations may be penalized even if done outside the Philippines.
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSoneraSonera
Titta Penttilä's research "Outsourcing and transfer of personal data" for Information Security Training Program at Aalto University/ Aalto Pro 16.01.2012. Titta Penttilä is Senior Security Manager at TeliaSonera.
Complying with Singapore Personal Data Protection Act - A Practical GuideDaniel Li
A practical guide of how to comply with the provisions in Singapore Personal Data Protection Act from people, process, and technology (Microsoft specific) perspective.
Personal data Protection Act Singapore How-to Perform AssessmentJean Luc Creppy
Short overview of an approach to conduct an assessment of your corporation to evaluate exposure of against the new Personal data Protection Act in Singapore
New Media Internet Expression and European Data ProtectionDavid Erdos
These slides are based on my keynote address to the Maison Française d'Oxford conference "Data Privacy Law: Policy and Legal Challenges", 20 November 2015. Drawing on both doctrinal analysis and a survey of European Data Protection Authorities (DPAs) it makes four key claims about law and practice as entrenched in C-131/12 Google Spain (2014). Firstly, both the Court of Justice and especially European DPAs have adopted an expansive interpretative stance as regards data protection applied to internet expression. Secondly, that paradigm has serious implications for a range of internet actors beyond search engines. Thirdly, enforcement has been both limited and sporadic. Fourthly, a focus by DPAs on enforcement can result in the production of detailed guidance which "reads down" the law and therefore is some tension with the expansive interpretative stance generally adopted, the implementation of the Google Spain decision against search engines being a case in point.
What All Organisations Need to Know About Data Protection and Cloud Computing...Brian Miller, Solicitor
Solicitor Brian Miller and barrister Vicki Bowles explore the legal and security aspects of data protection and putting your data in the cloud. This is part one (basic) of a two part course on data protection and cloud computing.
Webinar: Compliance and Data Protection in the Big Data Age: MongoDB Security...MongoDB
Data security and privacy are critical concerns in today’s connected world. Data analyzed from new sources such as social media, logs, mobile devices and sensor networks has become as sensitive as traditional transaction data generated by back-office systems. For this reason, big data technologies must evolve to meet the regulatory compliance standards demanded by industry and government. This session provides an overview of MongoDB’s security architecture, including authentication, authorization, auditing and encryption, collectively designed to to defend, detect and control access to valuable online big data.
Sexual Harassment & Gender Discrimination by Janice Anne LeolegalPadmin
Speech by Janice Anne Leo, Partner from Shook Lin & Bok, given in Labour Law Seminar held by Legal Plus Sdn. Bhd (www.legalplus.com.my) on Apr 10, 2015
Applying the Personal Data Protection Act (Singapore)Benjamin Ang
Presented at a workshop for the Internet Society Singapore Chapter in May 2013. Visit techmusicartandlaw.blogspot.com to contact the author, or www.isoc.sg to find out more about the Internet Society in Singapore
Data Protection & Privacy in Malaysian Total Hospital Information SystemQuotient Consulting
shares the recent presentation at the University of Oxford Centre for Health, Law and Emerging Technologies (HeLEX) on 10th August 2011. He was the academic visitor during the summer of 2011 (1st August 2011 - 19th August 2011). The works and research is under progress.
This slide will discuss about history of hacking, the purpose and effect of hacking, the steps that can be used to help prevent hacking from occurring. Also being discussed are hacktivism, or political hacking in Malaysia and solution taken and the law implemented in Malaysia.Malaysia and Solution implemented
After ensuring compliance as a controller and processor of data, Reddico created this presentation for the team - offering further guidance and information on our processes and how we've complied. For accuracy purposes, some information comes directly from the ICO's guidelines.
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...Harrison Clark Rickerbys
Slideshow from GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Directors, IT Directors & Ops Directors, on 7th March 2018 at Hilton Puckrup Hall
Building Consumer Trust through Individual Rights / DSAR ManagementTrustArc
Perhaps the most customer facing and public compliance requirements for GDPR, CCPA and LGPD are around the rights of the data subject, often referred to as individual rights or data subject access requests (DSARs). These regulations have significantly increased the requirements on businesses regarding how they address individual rights and related requests, specifically the type of requests they need to address and the timeline and process they need to follow in order to fulfill the requests.
In order to build consumer trust and fulfil data subject rights requirements, organizations must have a consistent and streamlined process for the intake and management of consumer requests.
This webinar will review:
-Summary of data subject rights requirements for GDPR, CCPA & LGPD
-Best practices and tips to comply
-Practical steps for implementing a Data Subject Rights -Management program along with sample case studies
For more information visit https://brightpay.co.uk
All organisations, regardless of size, will have had to introduce or update existing policies regarding personal data in order to comply with the new regulations.
This webinar will look at the GDPR, how it may affect your business and what we have learned from the GDPR 5 months on. We will also have a look at how BrightPay can help your organisation utilise the new regulations for the benefit of you, your customers and youremployees.
Essentially, GDPR is an overhaul of the way we process, manage and store individual’s personal data, and that includes your employee’s personal payroll and HR information. We will take you through the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligations with regards to payroll, HR and Employment law.
The webinar will include a demonstration of how our BrightPay Connect add-on can help you work towards GDPR compliance by offering remote online access to accountants, employers and employees. We will take a brief look at our Bright Contracts software, which as well as providing the user with the facility to create and customise Contracts of Employment and Company Handbooks, now has a new feature which enables the user to create an Employee Privacy Policy which is a requirement under GDPR.
We will also unveil our new timesheet rapid input feature. Our exciting new timesheet feature directly connects to the BrightPay payroll and allows clients to import timesheet hours from a CSV or directly input hours for each employee on the BrightPay connect employer dashboard. For accountants and payroll bureaus, clients can easily use the timesheet upload for rapid input of employee’s hours eliminating possible errors. The timesheet feature also allows bureaus to easily run the payroll before sending it back to your payroll client for final approval and validation.
Data Decoded: Understanding India's Draft Data Protection BillAntaraa Vasudev
India's draft Data Protection Bill has been drafted by a committee of experts, before it becomes a law, you can share your inputs on the Bill.
Better understand the Bill through this presentation and share your feedback before 30th September on the MEITY website or www.civis.vote.
How to Turn GDPR into a Competitive AdvantageBeamery
While there are plenty of documents that explain what GDPR is, there is almost no information on how to handle the process in practice. GDPR is going to fundamentally change everything about your recruiting process. Fail to adhere to the new legislation, and your team could be fined up to €20 million or 4% of annual global turnover, whichever is higher. This is not a trifling matter.
The General Data Protection Regulation (GDPR) in Ireland-What You Should KnowTerry Gorry
The General Data Protection Regulation (GDPR) came into effect on 25th May, 2018. This presentation looks at the key principles and concepts in the GDPR regulation
The Protection of Personal Information Act: A PresentationEndcode_org
What does the Protection of Personal information Act mean for business and for cybersecurity? Find out the implications of South Africa's new technology law Act.
For more information visit https://www.brightpay.co.uk
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 with the aim of protecting all EU citizens from privacy and data breaches in an increasingly data driven world.
Employers process large amounts of personal data, not least in relation to their customers and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
In this webinar, we will peel back the legislation to outline clearly:
What is GDPR and why is it being implemented?
Why employers need to take it seriously
How to prepare for GDPR
How we are working to help you
For more information visit https://www.thesaurus.ie or https://www.brightpay.ie
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 with the aim of protecting all EU citizens from privacy and data breaches in an increasingly data driven world.
Payroll bureaus process large amounts of personal data, not least in relation to their customers, their customers’ employees, and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
In this CPD accredited webinar, we will peel back the legislation to outline clearly:
What is GDPR and why is it being implemented?
Why employers need to take it seriously
How it will impact payroll bureaus
How to prepare for GDPR
How we are working to help you
Key Issues on the new General Data Protection RegulationOlivier Vandeputte
The General Data Protection Regulation is one of the most wide ranging pieces of legislation passed by the EU in recent years. The GDPR comes into effect on 25 May 2018. The new framework is ambitious, complex and strict. It presents any organization that has so far failed to begin preparations with a steep challenge to become GDPR compliant in time.
We have summarized the key issues in our GDPR brochure.
Similar to Personal Data Protection Act - Employee Data Privacy (20)
Change Of Ownership In Business: Its Impact On The Contract of EmploymentlegalPadmin
Speech by Dato' Thavalingam Thavarajah, from Lee Hishamuddin Allen & Gledhill, given in Labour Law Seminar held by Legal Plus Sdn. Bhd (www.legalplus.com.my) on Apr 10, 2015.
Fit & Proper Punishment Pre Panzana: Conflicting Views at High Court, Court o...legalPadmin
Speech by Dato' Jalaldin b Hussain (Chairman Industrial Court, Malaysia (Rtd)) & Tuan Mohd Khalid Atan (President, MTUC), given in Labour Law Seminar held by Legal Plus Sdn. Bhd (www.legalplus.com.my) on Apr 10, 2015
Redundancy, Retrenchment and SeparationlegalPadmin
Speech by Dato' Jalaldin b Hussain (Chairman Industrial Court, Malaysia (Rtd)) & Tuan Mohd Khalid Atan (President, MTUC), given in Labour Law Seminar held by Legal Plus Sdn. Bhd (www.legalplus.com.my) on Apr 10, 2015
Speech by Dato' Jalaldin b Hussain (Chairman Industrial Court, Malaysia (Rtd)) & Tuan Mohd Khalid Atan (President, MTUC), given in Labour Law Seminar held by Legal Plus Sdn. Bhd (www.legalplus.com.my) on Apr 10, 2015
Speech by Dato' Jalaldin b Hussain (Chairman Industrial Court, Malaysia (Rtd)) & Tuan Mohd Khalid Atan (President, MTUC), given in Labour Law Seminar held by Legal Plus Sdn. Bhd (www.legalplus.com.my) on Apr 10, 2015
Managing Dismissal Cases to Avoid RepercussionslegalPadmin
Speech by Dato' Jalaldin b Hussain (Chairman Industrial Court, Malaysia (Rtd)) & Tuan Mohd Khalid Atan (President, MTUC), given in Labour Law Seminar held by Legal Plus Sdn. Bhd (www.legalplus.com.my) on Apr 10, 2015
Redundancy, Retrenchment and SeparationlegalPadmin
Speech by K.Somasundram, Assistant Secretary from MTUC, given in Labour Law Seminar held by Legal Plus Sdn. Bhd (www.legalplus.com.my) on Apr 10, 2015.
Managing Dismissal to Avoid RepercussionlegalPadmin
Speech by K.Somasundram, Assistant Secretary from MTUC, given in Labour Law Seminar held by Legal Plus Sdn. Bhd (www.legalplus.com.my) on Apr 10, 2015.
Employment Laws Addressing Needs of EmployerslegalPadmin
Speech by YBhg Datuk Shamsuddin Bardan, Executive Director Malaysia Employers Federation, given in Labour Law Seminar held by Legal Plus Sdn. Bhd (www.legalplus.com.my) on Apr 9, 2015
How to Obtain Permanent Residency in the NetherlandsBridgeWest.eu
You can rely on our assistance if you are ready to apply for permanent residency. Find out more at: https://immigration-netherlands.com/obtain-a-permanent-residence-permit-in-the-netherlands/.
Responsibilities of the office bearers while registering multi-state cooperat...Finlaw Consultancy Pvt Ltd
Introduction-
The process of register multi-state cooperative society in India is governed by the Multi-State Co-operative Societies Act, 2002. This process requires the office bearers to undertake several crucial responsibilities to ensure compliance with legal and regulatory frameworks. The key office bearers typically include the President, Secretary, and Treasurer, along with other elected members of the managing committee. Their responsibilities encompass administrative, legal, and financial duties essential for the successful registration and operation of the society.
ALL EYES ON RAFAH BUT WHY Explain more.pdf46adnanshahzad
All eyes on Rafah: But why?. The Rafah border crossing, a crucial point between Egypt and the Gaza Strip, often finds itself at the center of global attention. As we explore the significance of Rafah, we’ll uncover why all eyes are on Rafah and the complexities surrounding this pivotal region.
INTRODUCTION
What makes Rafah so significant that it captures global attention? The phrase ‘All eyes are on Rafah’ resonates not just with those in the region but with people worldwide who recognize its strategic, humanitarian, and political importance. In this guide, we will delve into the factors that make Rafah a focal point for international interest, examining its historical context, humanitarian challenges, and political dimensions.
WINDING UP of COMPANY, Modes of DissolutionKHURRAMWALI
Winding up, also known as liquidation, refers to the legal and financial process of dissolving a company. It involves ceasing operations, selling assets, settling debts, and ultimately removing the company from the official business registry.
Here's a breakdown of the key aspects of winding up:
Reasons for Winding Up:
Insolvency: This is the most common reason, where the company cannot pay its debts. Creditors may initiate a compulsory winding up to recover their dues.
Voluntary Closure: The owners may decide to close the company due to reasons like reaching business goals, facing losses, or merging with another company.
Deadlock: If shareholders or directors cannot agree on how to run the company, a court may order a winding up.
Types of Winding Up:
Voluntary Winding Up: This is initiated by the company's shareholders through a resolution passed by a majority vote. There are two main types:
Members' Voluntary Winding Up: The company is solvent (has enough assets to pay off its debts) and shareholders will receive any remaining assets after debts are settled.
Creditors' Voluntary Winding Up: The company is insolvent and creditors will be prioritized in receiving payment from the sale of assets.
Compulsory Winding Up: This is initiated by a court order, typically at the request of creditors, government agencies, or even by the company itself if it's insolvent.
Process of Winding Up:
Appointment of Liquidator: A qualified professional is appointed to oversee the winding-up process. They are responsible for selling assets, paying off debts, and distributing any remaining funds.
Cease Trading: The company stops its regular business operations.
Notification of Creditors: Creditors are informed about the winding up and invited to submit their claims.
Sale of Assets: The company's assets are sold to generate cash to pay off creditors.
Payment of Debts: Creditors are paid according to a set order of priority, with secured creditors receiving payment before unsecured creditors.
Distribution to Shareholders: If there are any remaining funds after all debts are settled, they are distributed to shareholders according to their ownership stake.
Dissolution: Once all claims are settled and distributions made, the company is officially dissolved and removed from the business register.
Impact of Winding Up:
Employees: Employees will likely lose their jobs during the winding-up process.
Creditors: Creditors may not recover their debts in full, especially if the company is insolvent.
Shareholders: Shareholders may not receive any payout if the company's debts exceed its assets.
Winding up is a complex legal and financial process that can have significant consequences for all parties involved. It's important to seek professional legal and financial advice when considering winding up a company.
3. Introduction
Written / Oral
3
PERSONAL DATA PROTECTION ACT 2010
Application
• Applies to any person who processes or has control over or authorises
processing of personal data in respect of commercial transactions
• Applies if:
• PERSON ESTABLISHED IN MALAYSIA: Personal data is processed,
whether or not in context of that establishment, by that person or
any other person employed or engaged by that establishment
• PERSON NOT ESTABLISHED IN MALAYSIA: Uses equipment in
Malaysia to process personal data (otherwise than for purpose of
transit in Malaysia)
NOT
applicable
• Federal & State Governments
• Personal data processed outside Malaysia, unless intended to be further
processed in Malaysia
Complaints-based system
4. Application to employment relationships
4
• Any transaction of a commercial nature, whether contractual
or not
• Includes matters relating to:
• Supply or exchange of goods or services;
• Agency;
• Investments;
• Financing;
• Banking; &
• Insurance
• Does not include a credit reporting business
commercial transactions
Draft Guidelines on
Management of Employee Data
5. 7 Principles of data protection
Written / Oral
5
Data Subject
General Principle
Data Processor/
3rd Party
Data User
Security Principle
Retention Principle
Integrity Principle
Notice &
Choice Principle
Disclosure
Principle
Access Principle
Employee
Employer
Service
providers
9. What do you need consent for?
Written / Oral
9
Consent?
Non-sensitive
personal data
Disclosure of
personal data
to third parties
Transfer of
personal data
overseas
Sensitive
personal data
(explicit
consent)
10. Exemptions to consent
10
No Exemption Example
(a) For the performance of a contract to which
the data subject is a party
Existing bank customers
(b) For the taking of steps at the request of the
data subject with a view to entering into a
contract
Before the sale & purchase of a car, the
information requested by the salesman
in order to execute the contract
(c) For compliance with any legal obligation to
which the data user is the subject, other
than an obligation imposed by a contract
When an organisation is under a duty
pursuant to eg. tax laws, to provide
information of its employees to
authorities
(d) In order to protect the vital interests of the
data subject
In a situation where a person is
unconscious & needs medical
treatment to save his life
(e) For the administration of justice For the enforcement of a court order
(f) For the exercise of any functions conferred
on any person by or under any law
If an organisation is tasked to perform
a service by a law
11. Written / Oral
11
Explicit consent given by data subject
Processing is necessary
Personal data has been made public
Sensitive personal data may only be processed if…
13. Consent: What does it entail?
Written / Oral
13
PDPA Regulations
DRAFT GUIDELINES ON
CONSENT
• Key test: Ability to
demonstrate that
consent exists /
given
• Data subject must
be fully aware of &
understand consent
• Consent
understood to have
been given when
individuals DO NOT
OBJECT or
volunteer personal
data after purposes
clearly explained
15. Notice & choice
Written / Oral
15
• Data user shall provide a WRITTEN NOTICE to the data subject. To
include:
• That personal data of the data subject is being processed by or
on behalf of the data user
• Description of the personal data
• Purpose it is collected & further processed
• Class of 3rd parties to whom data user discloses / may disclose
the personal data
• Whether it is obligatory for the data subject to provide the
personal data
• Must be given as soon as practicable
• In national language & English
• Must be able to keep a record of service of notice
17. 17
Channels of serving notices to employees
Notice to
employees
Emails
Employment
forms
Employment
contracts
Salary slips
18. Right to access personal data
18
Right to
access
Full
disclosure
Partial
disclosure
Refuse to
disclose
Must respond within 21 days
19. When can you refuse to disclose / partially disclose?
Written / Oral
19
No sufficient
information on
identity of requestor
/ data subject
No sufficient
information to locate
personal data
Burden or expense of
providing access
Would disclose
information of
another individual
Another data user
controls personal
data
Violation of court
order
Would disclose
confidential
commercial
information
Access is regulated
by another law
21. 21
s10 PDPA
Employment
Draft
Guidelines
*Must destroy personal data
once purpose of processing has
lapsed
*Be aware of obligations
imposed by law, such as s61 of
Employment Act 1955
*Fresh consent needed for
future uses
*Should minimise cost by
deleting / anonymise when no
longer necessary
Retention of employee records
22. Retention of former employees’ data
22
HK
Guidance
Necessary for legal
/ contractual /
statutory obligation
Directly related to
managing the
relationship
between employer
& former employee
Need to defend
organisation in civil or
criminal suit
Consented to by
former
employee
Needed for job
references /
reapplication
24. Conclusion
24
PRE-EMPLOYMENT
• Receipt of CVs
BEGINNING OF EMPLOYMENT
• Requests for personal data: Non-sensitive personal
data / sensitive personal data
DURING EMPLOYMENT
• Further requests for personal data
• Security / Access / Integrity / Disclosure
END OF EMPLOYMENT
• Retention