SlideShare une entreprise Scribd logo

Personal Data Protection Singapore - Pdpc corporate-brochure

Jean Luc Creppy
Jean Luc Creppy

Personal Data Protection Act Brochure for Corporates in Singapore

BusinessTechnologie
1  sur  5
S I N G A P O R E PROTECTION COMMISSION PERSONAL DATA w w w. p d p c . g o v. s g A QUICK GUIDE TO THE PERSONAL DATA PROTECTION ACT 2012 FOR ORGANISATIONS WHEN BUSINESS GETS PERSONAL
Organisations today collect and use personal data of individuals such as customers, employees or members of associations. They need such data for providing products and services to customers, understanding customers’ profile and market trends to develop better products and services so as to retain their competitive edge, and managing employment and members’ relationships. These individuals trust organisations to use and disclose their personal data appropriately and keep their information safe. The Personal Data Protection Act 2012 The Personal Data Protection Act 2012 (PDPA) governs the collection, use and disclosure of personal data by private organisations, in a way that recognises both the needs of individuals and organisations. The PDPA contains two sets of requirements, covering personal data protection and the Do Not Call (DNC) registry, which will come into force in mid 2014 and early 2014 respectively. The transition period between now and then is to allow organisations time to review and adopt internal personal data protection policies and practices in accordance with the PDPA. The personal data protection requirements cover personal data stored in electronic and non-electronic forms. The requirements, however, do not apply to: • An individual acting in a personal or domestic capacity. • An employee acting in the course of his/her employment with an organisation. • A public agency or an organisation acting on behalf of a public agency in relation to the collection, use or disclosure of personal data. • Business contact information. This refers to an individual’s name, position name or title, business telephone number/address/email address/fax number and any other similar information about the individual, not provided by the individual solely for his/her personal purposes. • Personal data about a deceased individual, except that the provisions relating to disclosure and protection of personal data will apply to personal data about an individual who has been dead for 10 years or fewer. • Personal data contained in a record that has been in existence for at least 100 years. Individuals • Gives individuals more control over how their personal data is collected, used and disclosed. • Allows individuals to access and correct their personal data held by organisations. Organisations • Builds consumer confidence. • Facilitates safe and protected cross-border transfer of information. • Enhances efficiency and productivity, branding and competitiveness. Singapore • Serves to strengthen Singapore’s position as a trusted hub for data hosting and management activities. BENEFITS Introduction
8 9 7 6 53 2 1 Personal data refers to data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. These can range from names, contact numbers and addresses to other types of data that do not directly identify an individual on its own but form part of an accessible record about an individual. What is Personal Data? You may continue to use personal data that has been collected before the PDPA comes into effect for the purposes for which the personal data was collected, unless the individual has withdrawn consent. If there is a fresh purpose for the use of the personal data, consent has to be obtained anew. For personal data collected after the PDPA comes into effect, you will have to notify and obtain the individual’s consent to the collection, use and disclosure of his/her personal data. Existing Data Only collect, use or disclose personal data when an individual has given his/her consent. Allow individuals to withdraw consent, with reasonable notice, and inform them of the likely consequences of withdrawal. Upon withdrawal, and depending on the withdrawal request, you must cease to collect, use or disclose their personal data. Make information about your data protection policies, practices and complaints process available on request. Designate one or more individuals to implement personal data protection policies within your organisation. The business contact information of your data protection officer(s) should also be made available to the public. However, compliance with the PDPA remains the responsibility of the organisation. Transfer personal data to another country only according to the requirements prescribed under the regulations, to ensure that the standard of protection provided to the personal data so transferred will be comparable to the protection under the PDPA. Cease retention of personal data or remove the means by which the personal data can be associated with particular individuals when it is no longer necessary for any business or legal purposes. CONSENT OBLIGATION OPENNESS OBLIGATION TRANSFER LIMITATION OBLIGATION RETENTION LIMITATION OBLIGATION Make security arrangements to protect the personal data that you possess or control to prevent unauthorised access, collection, use, disclosure, or similar risks. Ensure that personal data collected by or on behalf of your organisation is reasonably accurate and complete. Notify individuals of the purposes for which you are intending to collect, use or disclose their personal data on or before such collection, use or disclosure of personal data. PROTECTION OBLIGATION ACCURACY OBLIGATIONNOTIFICATION OBLIGATION You may collect, use or disclose personal data about an individual for the purpose for which he/she has given consent. You may not, as a condition of providing a product or service, require the individual to consent to the collection, use or disclosure of his/her personal data beyond what is reasonable to provide that product or service. PURPOSE LIMITATION OBLIGATION Upon request, the personal data of an individual and information about the ways in which his/her personal data may have been used or disclosed in the past year should be provided. You are also required to correct any error or omission in an individual’s personal data upon his/her request. 4ACCESS & CORRECTION OBLIGATION Subject to all the obligations under the PDPA, unless an exception applies. Data Intermediary ORGANISATION Subject to the Protection and Retention Limitation Obligations only, where it processes personal data for another organisation under a written contract. * Please refer to the PDPA for further details on the scope of the Data Protection provisions including the exceptions. Organisations should assess and be satisfied if any exception provided in the PDPA would apply. 9 Main Obligations of the PDPA
Here are some possible steps you can take to get started: STEP1 Appoint a Data Protection Officer Designate at least one person to oversee your organisation’s compliance with the PDPA. This person may be an employee in your organisation, and his/her role may include developing policies for handling personal data in electronic or non-electronic forms, communicating internal personal data policies to customers, and handling any queries or complaints about personal data. STEP2 Map Out Your Personal Data Inventory Be responsible for the personal data in your possession or under your control. Be clear about how, when and where you collected the data. Know the purpose of data collection and obtain consent for the use and disclosure of the personal data collected. STEP3 Implement Data Protection Processes After understanding your organisation’s personal data inventory, you should review its data management framework and processes to align them with the PDPA. Here are some things to consider: • Set up policies and processes to inform an individual of the purpose of the collection, use or disclosure of his personal data and obtain his consent. Set up policies and processes to allow the individual to withdraw consent at anytime upon giving reasonable notice. • Establish a clear practice for assessing and processing access and correction requests and complaints. Provide information to customers on how they may request to access and correct their personal data or file a complaint with your organisation. • Regularly review the sufficiency of the protection policy and mechanisms for the personal data in your possession or control. Set clear timelines for the retention of personal data and cease retention of documents containing personal data when no longer required for any business or legal purposes. • Review the terms of engagement with third parties such as agents, partners or data intermediaries to ensure adherence to the PDPA. STEP4 Communicate to Employees Inform all employees of the organisation’s data protection policies and their role in safeguarding personal data. Ensure your employees know what the internal processes are with regard to protecting personal data. STEP5 Establish an Internal Audit Policy Conduct regular internal audits to ensure your organisation’s processes adhere to the PDPA. Getting Started
This publication gives a general introduction to information about the personal data protection law in Singapore and best practices. The contents herein are not intended to be an authoritative statement of the law or a substitute for legal advice. The Personal Data Protection Commission (PDPC), the Info-communications Development Authority of Singapore (IDA) and their respective members, officers and employees shall not be responsible for any inaccuracy, error or omission in this publication or liable for any damage or loss of any kind as a result of any use of or reliance on this publication. ©COPYRIGHT May 2013 – Personal Data Protection Commission Singapore and Info-communications Development Authority of Singapore The contents of this publication are protected by copyright, trade mark and other forms of proprietary rights. All rights, title and interest in the contents are owned by, licensed to or controlled by the PDPC and/or IDA, unless otherwise expressly stated. This publication may not be reproduced, republished or transmitted in any form or by any means, in whole or in part, without written permission. There will be three Do Not Call (DNC) Registers created for voice calls, text messages (e.g.SMS/MMS) and fax messages. To opt out of unsolicited telemarketing messages, individuals may register their Singapore telephone numbers with any or all of the DNC Registers for free. Their registration does not expire, unless they withdraw their registrations or terminate their numbers. If your organisation would like to send telemarketing messages via any or all three means, before doing so, you will need to: • check the relevant register(s) before sending telemarketing messages; • provide contact information about the organisation who sent or authorised the sending of the telemarketing messages within the message; and • ensure the calling line identity is not concealed or withheld (for voice calls). If you have obtained the individual’s clear and unambiguous consent in written or other accessible form to receive telemarketing messages specifically through voice calls, text messages or fax messages from your organisation, you may do so regardless of whether he/she is registered with the DNC registry. The DNC registry, however, does not cover messages sent for other purposes, such as service calls or reminder messages sent by organisations to render services bought by the individual. Telemarketing calls or messages of a commercial nature that target businesses are also excluded from the DNC registry provisions. For more information on the exclusion of marketing messages under the DNC provisions, please refer to the Eighth Schedule of the PDPA. Call Us General Enquiries: +65 6377 3131 Quality Service Manager: 1800 270 0222 / +65 6270 0222 Fax Us Fax: +65 6273 7370 Email Us General Enquiries: info@pdpc.gov.sg Quality Service Manager: pdpc_qsm@pdpc.gov.sg Or fill up our online feedback form at www.pdpc.gov.sg/feedback DNC Registry Provisions Useful Information

Recommandé

Complying with Singapore Personal Data Protection Act - A Practical Guide
Complying with Singapore Personal Data Protection Act - A Practical GuideComplying with Singapore Personal Data Protection Act - A Practical Guide
Complying with Singapore Personal Data Protection Act - A Practical GuideDaniel Li
 
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Benjamin Ang
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overviewJane Lambert
 
Pdpa presentation
Pdpa presentationPdpa presentation
Pdpa presentationAlan Teh
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for DummiesCaroline Boscher
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPRDipanjanDey12
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection RegulationBCC - Solutions for IBM Collaboration Software
 

Recommandé

Complying with Singapore Personal Data Protection Act - A Practical Guide
Complying with Singapore Personal Data Protection Act - A Practical GuideComplying with Singapore Personal Data Protection Act - A Practical Guide
Complying with Singapore Personal Data Protection Act - A Practical GuideDaniel Li
 
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Benjamin Ang
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overviewJane Lambert
 
Pdpa presentation
Pdpa presentationPdpa presentation
Pdpa presentationAlan Teh
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for DummiesCaroline Boscher
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPRDipanjanDey12
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection RegulationBCC - Solutions for IBM Collaboration Software
 
GDPR: Training Materials by Qualsys
GDPR: Training Materials by QualsysGDPR: Training Materials by Qualsys
GDPR: Training Materials by QualsysQualsys Ltd
 
Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012Fuji Xerox Singapore
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographicMarketing Team at Crown Worldwide Group
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR DemystifiedSPIN Chennai
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in MalaysiaMSC Malaysia Cybercentre @ Bangsar South City
 
Présentation RGPD/GDPR 2018
Présentation RGPD/GDPR 2018Présentation RGPD/GDPR 2018
Présentation RGPD/GDPR 2018Pierre Ammeloot
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationVicky Dallas
 
Workplace Privacy Presentation
Workplace Privacy PresentationWorkplace Privacy Presentation
Workplace Privacy PresentationSarah Forbes
 
What about GDPR?
What about GDPR?What about GDPR?
What about GDPR?Martin Hawksey
 
GDPR: Key Article Overview
GDPR: Key Article OverviewGDPR: Key Article Overview
GDPR: Key Article OverviewCraig Clark ITIL, CIS LI,EU GDPR P
 
Personal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacyPersonal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacylegalPadmin
 
Tietosuoja koulussa käytännössä
Tietosuoja koulussa käytännössäTietosuoja koulussa käytännössä
Tietosuoja koulussa käytännössäHarto Pönkä
 
Le GDPR (General Data Protection Regulation) - Diaporama
Le GDPR (General Data Protection Regulation) - DiaporamaLe GDPR (General Data Protection Regulation) - Diaporama
Le GDPR (General Data Protection Regulation) - DiaporamaJean-Michel Tyszka
 
Data Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataData Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataOpenAIRE
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Cyber Crimes: The Transformation of Crime in the Information Age
Cyber Crimes: The Transformation of Crime in the Information AgeCyber Crimes: The Transformation of Crime in the Information Age
Cyber Crimes: The Transformation of Crime in the Information AgeVishni Ganepola
 
Data protection
Data protectionData protection
Data protectionLewis Silkin
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologiessidra batool
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theftAmber Gupta
 
Data Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information SystemData Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information SystemQuotient Consulting
 
Personal data Protection Act Singapore How-to Perform Assessment
Personal data Protection Act Singapore How-to Perform AssessmentPersonal data Protection Act Singapore How-to Perform Assessment
Personal data Protection Act Singapore How-to Perform AssessmentJean Luc Creppy
 

Contenu connexe

Tendances

GDPR: Training Materials by Qualsys
GDPR: Training Materials by QualsysGDPR: Training Materials by Qualsys
GDPR: Training Materials by QualsysQualsys Ltd
 
Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012Fuji Xerox Singapore
 
Présentation RGPD/GDPR 2018
Présentation RGPD/GDPR 2018Présentation RGPD/GDPR 2018
Présentation RGPD/GDPR 2018Pierre Ammeloot
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationVicky Dallas
 
Workplace Privacy Presentation
Workplace Privacy PresentationWorkplace Privacy Presentation
Workplace Privacy PresentationSarah Forbes
 
Personal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacyPersonal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacylegalPadmin
 
Tietosuoja koulussa käytännössä
Tietosuoja koulussa käytännössäTietosuoja koulussa käytännössä
Tietosuoja koulussa käytännössäHarto Pönkä
 
Le GDPR (General Data Protection Regulation) - Diaporama
Le GDPR (General Data Protection Regulation) - DiaporamaLe GDPR (General Data Protection Regulation) - Diaporama
Le GDPR (General Data Protection Regulation) - DiaporamaJean-Michel Tyszka
 
Data Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataData Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataOpenAIRE
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Cyber Crimes: The Transformation of Crime in the Information Age
Cyber Crimes: The Transformation of Crime in the Information AgeCyber Crimes: The Transformation of Crime in the Information Age
Cyber Crimes: The Transformation of Crime in the Information AgeVishni Ganepola
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologiessidra batool
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theftAmber Gupta
 

Tendances (20)

GDPR: Training Materials by Qualsys
GDPR: Training Materials by QualsysGDPR: Training Materials by Qualsys
GDPR: Training Materials by Qualsys
 
Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographic
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR Demystified
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
 
Présentation RGPD/GDPR 2018
Présentation RGPD/GDPR 2018Présentation RGPD/GDPR 2018
Présentation RGPD/GDPR 2018
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
 
Workplace Privacy Presentation
Workplace Privacy PresentationWorkplace Privacy Presentation
Workplace Privacy Presentation
 
What about GDPR?
What about GDPR?What about GDPR?
What about GDPR?
 
GDPR: Key Article Overview
GDPR: Key Article OverviewGDPR: Key Article Overview
GDPR: Key Article Overview
 
Personal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacyPersonal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data Privacy
 
Tietosuoja koulussa käytännössä
Tietosuoja koulussa käytännössäTietosuoja koulussa käytännössä
Tietosuoja koulussa käytännössä
 
Le GDPR (General Data Protection Regulation) - Diaporama
Le GDPR (General Data Protection Regulation) - DiaporamaLe GDPR (General Data Protection Regulation) - Diaporama
Le GDPR (General Data Protection Regulation) - Diaporama
 
Data Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataData Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive data
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
Cyber Crimes: The Transformation of Crime in the Information Age
Cyber Crimes: The Transformation of Crime in the Information AgeCyber Crimes: The Transformation of Crime in the Information Age
Cyber Crimes: The Transformation of Crime in the Information Age
 
Data protection
Data protectionData protection
Data protection
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologies
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theft
 

En vedette

Data Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information SystemData Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information SystemQuotient Consulting
 
Personal data Protection Act Singapore How-to Perform Assessment
Personal data Protection Act Singapore How-to Perform AssessmentPersonal data Protection Act Singapore How-to Perform Assessment
Personal data Protection Act Singapore How-to Perform AssessmentJean Luc Creppy
 
Trust, security and privacy issues with cloud erp
Trust, security and privacy issues with cloud erpTrust, security and privacy issues with cloud erp
Trust, security and privacy issues with cloud erpHarshit Garg
 
Dirección administrativa
Dirección administrativa Dirección administrativa
Dirección administrativa ivanna mora
 
1430 mr andrew fung insights from tafep’s initiatives and research on effec...
1430 mr andrew fung insights from tafep’s initiatives and research on effec...1430 mr andrew fung insights from tafep’s initiatives and research on effec...
1430 mr andrew fung insights from tafep’s initiatives and research on effec...Age Friendly Workforce Asia
 
Employment Fair Fg Presentation(5)
Employment Fair Fg Presentation(5)Employment Fair Fg Presentation(5)
Employment Fair Fg Presentation(5)theemployer
 
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...Cédric Laurant
 
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSonera
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSoneraOutsourcing and transfer of personal data - Titta Penttilä - TeliaSonera
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSoneraSonera
 
Personal Data Protection for your Church
Personal Data Protection for your ChurchPersonal Data Protection for your Church
Personal Data Protection for your ChurchBenjamin Ck Ang
 
HR Recruitment Trends 2014
HR Recruitment Trends 2014HR Recruitment Trends 2014
HR Recruitment Trends 2014srini vasan
 
Emerging Trends in Information Security and Privacy
Emerging Trends in Information Security and PrivacyEmerging Trends in Information Security and Privacy
Emerging Trends in Information Security and Privacylgcdcpas
 
Lecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud ComputingLecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud Computingragibhasan
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
 
The Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingThe Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingAnkit Singh
 
How to use Singapore Jobsbank (new regulations under the Fair Consideration F...
How to use Singapore Jobsbank (new regulations under the Fair Consideration F...How to use Singapore Jobsbank (new regulations under the Fair Consideration F...
How to use Singapore Jobsbank (new regulations under the Fair Consideration F...33 Talent
 

En vedette (18)

Data Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information SystemData Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information System
 
Personal data Protection Act Singapore How-to Perform Assessment
Personal data Protection Act Singapore How-to Perform AssessmentPersonal data Protection Act Singapore How-to Perform Assessment
Personal data Protection Act Singapore How-to Perform Assessment
 
Trust, security and privacy issues with cloud erp
Trust, security and privacy issues with cloud erpTrust, security and privacy issues with cloud erp
Trust, security and privacy issues with cloud erp
 
Dirección administrativa
Dirección administrativa Dirección administrativa
Dirección administrativa
 
1430 mr andrew fung insights from tafep’s initiatives and research on effec...
1430 mr andrew fung insights from tafep’s initiatives and research on effec...1430 mr andrew fung insights from tafep’s initiatives and research on effec...
1430 mr andrew fung insights from tafep’s initiatives and research on effec...
 
Employment Fair Fg Presentation(5)
Employment Fair Fg Presentation(5)Employment Fair Fg Presentation(5)
Employment Fair Fg Presentation(5)
 
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
 
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSonera
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSoneraOutsourcing and transfer of personal data - Titta Penttilä - TeliaSonera
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSonera
 
Personal Data Protection for your Church
Personal Data Protection for your ChurchPersonal Data Protection for your Church
Personal Data Protection for your Church
 
Ethics and information security 2
Ethics and information security 2Ethics and information security 2
Ethics and information security 2
 
HR Recruitment Trends 2014
HR Recruitment Trends 2014HR Recruitment Trends 2014
HR Recruitment Trends 2014
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & Privacy
 
Emerging Trends in Information Security and Privacy
Emerging Trends in Information Security and PrivacyEmerging Trends in Information Security and Privacy
Emerging Trends in Information Security and Privacy
 
Lecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud ComputingLecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud Computing
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
 
The Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingThe Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud Computing
 
Pdpa(kewal)
Pdpa(kewal)Pdpa(kewal)
Pdpa(kewal)
 
How to use Singapore Jobsbank (new regulations under the Fair Consideration F...
How to use Singapore Jobsbank (new regulations under the Fair Consideration F...How to use Singapore Jobsbank (new regulations under the Fair Consideration F...
How to use Singapore Jobsbank (new regulations under the Fair Consideration F...
 

Similaire à Personal Data Protection Singapore - Pdpc corporate-brochure

Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysiakhenghoe
 
The 22nd Legal Forum Seminar (Nov 2021)
The 22nd Legal Forum Seminar (Nov 2021)The 22nd Legal Forum Seminar (Nov 2021)
The 22nd Legal Forum Seminar (Nov 2021)LawPlus Ltd.
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
 
Top 10 GDPR Requirements
Top 10 GDPR RequirementsTop 10 GDPR Requirements
Top 10 GDPR RequirementsRusty Stanberry
 
GDPR webinar for business leaders
GDPR webinar for business leadersGDPR webinar for business leaders
GDPR webinar for business leadersDeeson
 
Data protection training emea new joiners. mandatory quiz
Data protection training emea new joiners. mandatory quizData protection training emea new joiners. mandatory quiz
Data protection training emea new joiners. mandatory quizDeborahchiesa
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 
Kyverna Privacy Policy.pdf
Kyverna Privacy Policy.pdfKyverna Privacy Policy.pdf
Kyverna Privacy Policy.pdfmakaylaklenke
 
Privacy Ordinance in Hong Kong
Privacy Ordinance in Hong KongPrivacy Ordinance in Hong Kong
Privacy Ordinance in Hong Kong若水 鲁
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...Harrison Clark Rickerbys
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsHarrison Clark Rickerbys
 
Australia Privacy Act of 1988
Australia Privacy Act of 1988Australia Privacy Act of 1988
Australia Privacy Act of 1988termsfeed
 
Understanding the UAE Personal Data Protection Law
Understanding the UAE Personal Data Protection LawUnderstanding the UAE Personal Data Protection Law
Understanding the UAE Personal Data Protection LawAhad
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceCobweb
 
8.1 pco pol_02e_privacy_policy_statement[1]
8.1 pco pol_02e_privacy_policy_statement[1]8.1 pco pol_02e_privacy_policy_statement[1]
8.1 pco pol_02e_privacy_policy_statement[1]divasia
 
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdfData Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdfCIOWomenMagazine
 
Data protection
Data protectionData protection
Data protectionjayne45
 

Similaire à Personal Data Protection Singapore - Pdpc corporate-brochure (20)

Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
 
The 22nd Legal Forum Seminar (Nov 2021)
The 22nd Legal Forum Seminar (Nov 2021)The 22nd Legal Forum Seminar (Nov 2021)
The 22nd Legal Forum Seminar (Nov 2021)
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
 
Top 10 GDPR Requirements
Top 10 GDPR RequirementsTop 10 GDPR Requirements
Top 10 GDPR Requirements
 
GDPR webinar for business leaders
GDPR webinar for business leadersGDPR webinar for business leaders
GDPR webinar for business leaders
 
Data protection training emea new joiners. mandatory quiz
Data protection training emea new joiners. mandatory quizData protection training emea new joiners. mandatory quiz
Data protection training emea new joiners. mandatory quiz
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
 
PDPA 2010 at office (HairulHafiz)
PDPA 2010 at office (HairulHafiz)PDPA 2010 at office (HairulHafiz)
PDPA 2010 at office (HairulHafiz)
 
Kyverna Privacy Policy.pdf
Kyverna Privacy Policy.pdfKyverna Privacy Policy.pdf
Kyverna Privacy Policy.pdf
 
Privacy Ordinance in Hong Kong
Privacy Ordinance in Hong KongPrivacy Ordinance in Hong Kong
Privacy Ordinance in Hong Kong
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 
Australia Privacy Act of 1988
Australia Privacy Act of 1988Australia Privacy Act of 1988
Australia Privacy Act of 1988
 
Understanding the UAE Personal Data Protection Law
Understanding the UAE Personal Data Protection LawUnderstanding the UAE Personal Data Protection Law
Understanding the UAE Personal Data Protection Law
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
 
8.1 pco pol_02e_privacy_policy_statement[1]
8.1 pco pol_02e_privacy_policy_statement[1]8.1 pco pol_02e_privacy_policy_statement[1]
8.1 pco pol_02e_privacy_policy_statement[1]
 
Gdpr for business full
Gdpr for business fullGdpr for business full
Gdpr for business full
 
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdfData Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
 
Data protection
Data protectionData protection
Data protection
 

Dernier

Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfJos Voskuil
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...ShrutiBose4
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Riya Pathan
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menzaictsugar
 
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / NcrCall Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncrdollysharma2066
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...ictsugar
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 

Dernier (20)

Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
 
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / NcrCall Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 

Personal Data Protection Singapore - Pdpc corporate-brochure

  • 1. S I N G A P O R E PROTECTION COMMISSION PERSONAL DATA w w w. p d p c . g o v. s g A QUICK GUIDE TO THE PERSONAL DATA PROTECTION ACT 2012 FOR ORGANISATIONS WHEN BUSINESS GETS PERSONAL
  • 2. Organisations today collect and use personal data of individuals such as customers, employees or members of associations. They need such data for providing products and services to customers, understanding customers’ profile and market trends to develop better products and services so as to retain their competitive edge, and managing employment and members’ relationships. These individuals trust organisations to use and disclose their personal data appropriately and keep their information safe. The Personal Data Protection Act 2012 The Personal Data Protection Act 2012 (PDPA) governs the collection, use and disclosure of personal data by private organisations, in a way that recognises both the needs of individuals and organisations. The PDPA contains two sets of requirements, covering personal data protection and the Do Not Call (DNC) registry, which will come into force in mid 2014 and early 2014 respectively. The transition period between now and then is to allow organisations time to review and adopt internal personal data protection policies and practices in accordance with the PDPA. The personal data protection requirements cover personal data stored in electronic and non-electronic forms. The requirements, however, do not apply to: • An individual acting in a personal or domestic capacity. • An employee acting in the course of his/her employment with an organisation. • A public agency or an organisation acting on behalf of a public agency in relation to the collection, use or disclosure of personal data. • Business contact information. This refers to an individual’s name, position name or title, business telephone number/address/email address/fax number and any other similar information about the individual, not provided by the individual solely for his/her personal purposes. • Personal data about a deceased individual, except that the provisions relating to disclosure and protection of personal data will apply to personal data about an individual who has been dead for 10 years or fewer. • Personal data contained in a record that has been in existence for at least 100 years. Individuals • Gives individuals more control over how their personal data is collected, used and disclosed. • Allows individuals to access and correct their personal data held by organisations. Organisations • Builds consumer confidence. • Facilitates safe and protected cross-border transfer of information. • Enhances efficiency and productivity, branding and competitiveness. Singapore • Serves to strengthen Singapore’s position as a trusted hub for data hosting and management activities. BENEFITS Introduction
  • 3. 8 9 7 6 53 2 1 Personal data refers to data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. These can range from names, contact numbers and addresses to other types of data that do not directly identify an individual on its own but form part of an accessible record about an individual. What is Personal Data? You may continue to use personal data that has been collected before the PDPA comes into effect for the purposes for which the personal data was collected, unless the individual has withdrawn consent. If there is a fresh purpose for the use of the personal data, consent has to be obtained anew. For personal data collected after the PDPA comes into effect, you will have to notify and obtain the individual’s consent to the collection, use and disclosure of his/her personal data. Existing Data Only collect, use or disclose personal data when an individual has given his/her consent. Allow individuals to withdraw consent, with reasonable notice, and inform them of the likely consequences of withdrawal. Upon withdrawal, and depending on the withdrawal request, you must cease to collect, use or disclose their personal data. Make information about your data protection policies, practices and complaints process available on request. Designate one or more individuals to implement personal data protection policies within your organisation. The business contact information of your data protection officer(s) should also be made available to the public. However, compliance with the PDPA remains the responsibility of the organisation. Transfer personal data to another country only according to the requirements prescribed under the regulations, to ensure that the standard of protection provided to the personal data so transferred will be comparable to the protection under the PDPA. Cease retention of personal data or remove the means by which the personal data can be associated with particular individuals when it is no longer necessary for any business or legal purposes. CONSENT OBLIGATION OPENNESS OBLIGATION TRANSFER LIMITATION OBLIGATION RETENTION LIMITATION OBLIGATION Make security arrangements to protect the personal data that you possess or control to prevent unauthorised access, collection, use, disclosure, or similar risks. Ensure that personal data collected by or on behalf of your organisation is reasonably accurate and complete. Notify individuals of the purposes for which you are intending to collect, use or disclose their personal data on or before such collection, use or disclosure of personal data. PROTECTION OBLIGATION ACCURACY OBLIGATIONNOTIFICATION OBLIGATION You may collect, use or disclose personal data about an individual for the purpose for which he/she has given consent. You may not, as a condition of providing a product or service, require the individual to consent to the collection, use or disclosure of his/her personal data beyond what is reasonable to provide that product or service. PURPOSE LIMITATION OBLIGATION Upon request, the personal data of an individual and information about the ways in which his/her personal data may have been used or disclosed in the past year should be provided. You are also required to correct any error or omission in an individual’s personal data upon his/her request. 4ACCESS & CORRECTION OBLIGATION Subject to all the obligations under the PDPA, unless an exception applies. Data Intermediary ORGANISATION Subject to the Protection and Retention Limitation Obligations only, where it processes personal data for another organisation under a written contract. * Please refer to the PDPA for further details on the scope of the Data Protection provisions including the exceptions. Organisations should assess and be satisfied if any exception provided in the PDPA would apply. 9 Main Obligations of the PDPA
  • 4. Here are some possible steps you can take to get started: STEP1 Appoint a Data Protection Officer Designate at least one person to oversee your organisation’s compliance with the PDPA. This person may be an employee in your organisation, and his/her role may include developing policies for handling personal data in electronic or non-electronic forms, communicating internal personal data policies to customers, and handling any queries or complaints about personal data. STEP2 Map Out Your Personal Data Inventory Be responsible for the personal data in your possession or under your control. Be clear about how, when and where you collected the data. Know the purpose of data collection and obtain consent for the use and disclosure of the personal data collected. STEP3 Implement Data Protection Processes After understanding your organisation’s personal data inventory, you should review its data management framework and processes to align them with the PDPA. Here are some things to consider: • Set up policies and processes to inform an individual of the purpose of the collection, use or disclosure of his personal data and obtain his consent. Set up policies and processes to allow the individual to withdraw consent at anytime upon giving reasonable notice. • Establish a clear practice for assessing and processing access and correction requests and complaints. Provide information to customers on how they may request to access and correct their personal data or file a complaint with your organisation. • Regularly review the sufficiency of the protection policy and mechanisms for the personal data in your possession or control. Set clear timelines for the retention of personal data and cease retention of documents containing personal data when no longer required for any business or legal purposes. • Review the terms of engagement with third parties such as agents, partners or data intermediaries to ensure adherence to the PDPA. STEP4 Communicate to Employees Inform all employees of the organisation’s data protection policies and their role in safeguarding personal data. Ensure your employees know what the internal processes are with regard to protecting personal data. STEP5 Establish an Internal Audit Policy Conduct regular internal audits to ensure your organisation’s processes adhere to the PDPA. Getting Started
  • 5. This publication gives a general introduction to information about the personal data protection law in Singapore and best practices. The contents herein are not intended to be an authoritative statement of the law or a substitute for legal advice. The Personal Data Protection Commission (PDPC), the Info-communications Development Authority of Singapore (IDA) and their respective members, officers and employees shall not be responsible for any inaccuracy, error or omission in this publication or liable for any damage or loss of any kind as a result of any use of or reliance on this publication. ©COPYRIGHT May 2013 – Personal Data Protection Commission Singapore and Info-communications Development Authority of Singapore The contents of this publication are protected by copyright, trade mark and other forms of proprietary rights. All rights, title and interest in the contents are owned by, licensed to or controlled by the PDPC and/or IDA, unless otherwise expressly stated. This publication may not be reproduced, republished or transmitted in any form or by any means, in whole or in part, without written permission. There will be three Do Not Call (DNC) Registers created for voice calls, text messages (e.g.SMS/MMS) and fax messages. To opt out of unsolicited telemarketing messages, individuals may register their Singapore telephone numbers with any or all of the DNC Registers for free. Their registration does not expire, unless they withdraw their registrations or terminate their numbers. If your organisation would like to send telemarketing messages via any or all three means, before doing so, you will need to: • check the relevant register(s) before sending telemarketing messages; • provide contact information about the organisation who sent or authorised the sending of the telemarketing messages within the message; and • ensure the calling line identity is not concealed or withheld (for voice calls). If you have obtained the individual’s clear and unambiguous consent in written or other accessible form to receive telemarketing messages specifically through voice calls, text messages or fax messages from your organisation, you may do so regardless of whether he/she is registered with the DNC registry. The DNC registry, however, does not cover messages sent for other purposes, such as service calls or reminder messages sent by organisations to render services bought by the individual. Telemarketing calls or messages of a commercial nature that target businesses are also excluded from the DNC registry provisions. For more information on the exclusion of marketing messages under the DNC provisions, please refer to the Eighth Schedule of the PDPA. Call Us General Enquiries: +65 6377 3131 Quality Service Manager: 1800 270 0222 / +65 6270 0222 Fax Us Fax: +65 6273 7370 Email Us General Enquiries: info@pdpc.gov.sg Quality Service Manager: pdpc_qsm@pdpc.gov.sg Or fill up our online feedback form at www.pdpc.gov.sg/feedback DNC Registry Provisions Useful Information