SlideShare una empresa de Scribd logo

Personal Data Protection Singapore - Pdpc corporate-brochure

Jean Luc Creppy
Jean Luc Creppy

Personal Data Protection Act Brochure for Corporates in Singapore

EmpresarialesTecnología
1 de 5
S I N G A P O R E PROTECTION COMMISSION PERSONAL DATA w w w. p d p c . g o v. s g A QUICK GUIDE TO THE PERSONAL DATA PROTECTION ACT 2012 FOR ORGANISATIONS WHEN BUSINESS GETS PERSONAL
Organisations today collect and use personal data of individuals such as customers, employees or members of associations. They need such data for providing products and services to customers, understanding customers’ profile and market trends to develop better products and services so as to retain their competitive edge, and managing employment and members’ relationships. These individuals trust organisations to use and disclose their personal data appropriately and keep their information safe. The Personal Data Protection Act 2012 The Personal Data Protection Act 2012 (PDPA) governs the collection, use and disclosure of personal data by private organisations, in a way that recognises both the needs of individuals and organisations. The PDPA contains two sets of requirements, covering personal data protection and the Do Not Call (DNC) registry, which will come into force in mid 2014 and early 2014 respectively. The transition period between now and then is to allow organisations time to review and adopt internal personal data protection policies and practices in accordance with the PDPA. The personal data protection requirements cover personal data stored in electronic and non-electronic forms. The requirements, however, do not apply to: • An individual acting in a personal or domestic capacity. • An employee acting in the course of his/her employment with an organisation. • A public agency or an organisation acting on behalf of a public agency in relation to the collection, use or disclosure of personal data. • Business contact information. This refers to an individual’s name, position name or title, business telephone number/address/email address/fax number and any other similar information about the individual, not provided by the individual solely for his/her personal purposes. • Personal data about a deceased individual, except that the provisions relating to disclosure and protection of personal data will apply to personal data about an individual who has been dead for 10 years or fewer. • Personal data contained in a record that has been in existence for at least 100 years. Individuals • Gives individuals more control over how their personal data is collected, used and disclosed. • Allows individuals to access and correct their personal data held by organisations. Organisations • Builds consumer confidence. • Facilitates safe and protected cross-border transfer of information. • Enhances efficiency and productivity, branding and competitiveness. Singapore • Serves to strengthen Singapore’s position as a trusted hub for data hosting and management activities. BENEFITS Introduction
8 9 7 6 53 2 1 Personal data refers to data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. These can range from names, contact numbers and addresses to other types of data that do not directly identify an individual on its own but form part of an accessible record about an individual. What is Personal Data? You may continue to use personal data that has been collected before the PDPA comes into effect for the purposes for which the personal data was collected, unless the individual has withdrawn consent. If there is a fresh purpose for the use of the personal data, consent has to be obtained anew. For personal data collected after the PDPA comes into effect, you will have to notify and obtain the individual’s consent to the collection, use and disclosure of his/her personal data. Existing Data Only collect, use or disclose personal data when an individual has given his/her consent. Allow individuals to withdraw consent, with reasonable notice, and inform them of the likely consequences of withdrawal. Upon withdrawal, and depending on the withdrawal request, you must cease to collect, use or disclose their personal data. Make information about your data protection policies, practices and complaints process available on request. Designate one or more individuals to implement personal data protection policies within your organisation. The business contact information of your data protection officer(s) should also be made available to the public. However, compliance with the PDPA remains the responsibility of the organisation. Transfer personal data to another country only according to the requirements prescribed under the regulations, to ensure that the standard of protection provided to the personal data so transferred will be comparable to the protection under the PDPA. Cease retention of personal data or remove the means by which the personal data can be associated with particular individuals when it is no longer necessary for any business or legal purposes. CONSENT OBLIGATION OPENNESS OBLIGATION TRANSFER LIMITATION OBLIGATION RETENTION LIMITATION OBLIGATION Make security arrangements to protect the personal data that you possess or control to prevent unauthorised access, collection, use, disclosure, or similar risks. Ensure that personal data collected by or on behalf of your organisation is reasonably accurate and complete. Notify individuals of the purposes for which you are intending to collect, use or disclose their personal data on or before such collection, use or disclosure of personal data. PROTECTION OBLIGATION ACCURACY OBLIGATIONNOTIFICATION OBLIGATION You may collect, use or disclose personal data about an individual for the purpose for which he/she has given consent. You may not, as a condition of providing a product or service, require the individual to consent to the collection, use or disclosure of his/her personal data beyond what is reasonable to provide that product or service. PURPOSE LIMITATION OBLIGATION Upon request, the personal data of an individual and information about the ways in which his/her personal data may have been used or disclosed in the past year should be provided. You are also required to correct any error or omission in an individual’s personal data upon his/her request. 4ACCESS & CORRECTION OBLIGATION Subject to all the obligations under the PDPA, unless an exception applies. Data Intermediary ORGANISATION Subject to the Protection and Retention Limitation Obligations only, where it processes personal data for another organisation under a written contract. * Please refer to the PDPA for further details on the scope of the Data Protection provisions including the exceptions. Organisations should assess and be satisfied if any exception provided in the PDPA would apply. 9 Main Obligations of the PDPA
Here are some possible steps you can take to get started: STEP1 Appoint a Data Protection Officer Designate at least one person to oversee your organisation’s compliance with the PDPA. This person may be an employee in your organisation, and his/her role may include developing policies for handling personal data in electronic or non-electronic forms, communicating internal personal data policies to customers, and handling any queries or complaints about personal data. STEP2 Map Out Your Personal Data Inventory Be responsible for the personal data in your possession or under your control. Be clear about how, when and where you collected the data. Know the purpose of data collection and obtain consent for the use and disclosure of the personal data collected. STEP3 Implement Data Protection Processes After understanding your organisation’s personal data inventory, you should review its data management framework and processes to align them with the PDPA. Here are some things to consider: • Set up policies and processes to inform an individual of the purpose of the collection, use or disclosure of his personal data and obtain his consent. Set up policies and processes to allow the individual to withdraw consent at anytime upon giving reasonable notice. • Establish a clear practice for assessing and processing access and correction requests and complaints. Provide information to customers on how they may request to access and correct their personal data or file a complaint with your organisation. • Regularly review the sufficiency of the protection policy and mechanisms for the personal data in your possession or control. Set clear timelines for the retention of personal data and cease retention of documents containing personal data when no longer required for any business or legal purposes. • Review the terms of engagement with third parties such as agents, partners or data intermediaries to ensure adherence to the PDPA. STEP4 Communicate to Employees Inform all employees of the organisation’s data protection policies and their role in safeguarding personal data. Ensure your employees know what the internal processes are with regard to protecting personal data. STEP5 Establish an Internal Audit Policy Conduct regular internal audits to ensure your organisation’s processes adhere to the PDPA. Getting Started
This publication gives a general introduction to information about the personal data protection law in Singapore and best practices. The contents herein are not intended to be an authoritative statement of the law or a substitute for legal advice. The Personal Data Protection Commission (PDPC), the Info-communications Development Authority of Singapore (IDA) and their respective members, officers and employees shall not be responsible for any inaccuracy, error or omission in this publication or liable for any damage or loss of any kind as a result of any use of or reliance on this publication. ©COPYRIGHT May 2013 – Personal Data Protection Commission Singapore and Info-communications Development Authority of Singapore The contents of this publication are protected by copyright, trade mark and other forms of proprietary rights. All rights, title and interest in the contents are owned by, licensed to or controlled by the PDPC and/or IDA, unless otherwise expressly stated. This publication may not be reproduced, republished or transmitted in any form or by any means, in whole or in part, without written permission. There will be three Do Not Call (DNC) Registers created for voice calls, text messages (e.g.SMS/MMS) and fax messages. To opt out of unsolicited telemarketing messages, individuals may register their Singapore telephone numbers with any or all of the DNC Registers for free. Their registration does not expire, unless they withdraw their registrations or terminate their numbers. If your organisation would like to send telemarketing messages via any or all three means, before doing so, you will need to: • check the relevant register(s) before sending telemarketing messages; • provide contact information about the organisation who sent or authorised the sending of the telemarketing messages within the message; and • ensure the calling line identity is not concealed or withheld (for voice calls). If you have obtained the individual’s clear and unambiguous consent in written or other accessible form to receive telemarketing messages specifically through voice calls, text messages or fax messages from your organisation, you may do so regardless of whether he/she is registered with the DNC registry. The DNC registry, however, does not cover messages sent for other purposes, such as service calls or reminder messages sent by organisations to render services bought by the individual. Telemarketing calls or messages of a commercial nature that target businesses are also excluded from the DNC registry provisions. For more information on the exclusion of marketing messages under the DNC provisions, please refer to the Eighth Schedule of the PDPA. Call Us General Enquiries: +65 6377 3131 Quality Service Manager: 1800 270 0222 / +65 6270 0222 Fax Us Fax: +65 6273 7370 Email Us General Enquiries: info@pdpc.gov.sg Quality Service Manager: pdpc_qsm@pdpc.gov.sg Or fill up our online feedback form at www.pdpc.gov.sg/feedback DNC Registry Provisions Useful Information

Recomendados

Complying with Singapore Personal Data Protection Act - A Practical Guide
Complying with Singapore Personal Data Protection Act - A Practical GuideComplying with Singapore Personal Data Protection Act - A Practical Guide
Complying with Singapore Personal Data Protection Act - A Practical Guide
Daniel Li
 
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)
Benjamin Ang
 
Pdpa presentation
Pdpa presentationPdpa presentation
Pdpa presentation
Alan Teh
 
Personal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacyPersonal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data Privacy
legalPadmin
 
PDPA Compliance Preparation
PDPA Compliance PreparationPDPA Compliance Preparation
PDPA Compliance Preparation
LawPlus Ltd.
 
Pdpa(kewal)
Pdpa(kewal)Pdpa(kewal)
Pdpa(kewal)
Kewal Pradhan
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
BCC - Solutions for IBM Collaboration Software
 
DCH Data Protection Training Presentation
DCH Data Protection Training PresentationDCH Data Protection Training Presentation
DCH Data Protection Training Presentation
Mark Gracey
 

Recomendados

Complying with Singapore Personal Data Protection Act - A Practical Guide
Complying with Singapore Personal Data Protection Act - A Practical GuideComplying with Singapore Personal Data Protection Act - A Practical Guide
Complying with Singapore Personal Data Protection Act - A Practical Guide
Daniel Li
 
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)
Benjamin Ang
 
Pdpa presentation
Pdpa presentationPdpa presentation
Pdpa presentation
Alan Teh
 
Personal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacyPersonal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data Privacy
legalPadmin
 
PDPA Compliance Preparation
PDPA Compliance PreparationPDPA Compliance Preparation
PDPA Compliance Preparation
LawPlus Ltd.
 
Pdpa(kewal)
Pdpa(kewal)Pdpa(kewal)
Pdpa(kewal)
Kewal Pradhan
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
BCC - Solutions for IBM Collaboration Software
 
DCH Data Protection Training Presentation
DCH Data Protection Training PresentationDCH Data Protection Training Presentation
DCH Data Protection Training Presentation
Mark Gracey
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theft
Amber Gupta
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_india
Altacit Global
 
Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012
Fuji Xerox Singapore
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash
 
What about GDPR?
What about GDPR?What about GDPR?
What about GDPR?
Martin Hawksey
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection Act
SaimaRafiq
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
Priyab Satoshi
 
PDPA 2010 at office (HairulHafiz)
PDPA 2010 at office (HairulHafiz)PDPA 2010 at office (HairulHafiz)
PDPA 2010 at office (HairulHafiz)
Hairul Hafiz Hasbullah
 
GDPR
GDPRGDPR
GDPR
Gopi PD
 
Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in Indonesia
Eryk Budi Pratama
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...
Cvent
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
MSC Malaysia Cybercentre @ Bangsar South City
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU Data
Schellman & Company
 
GDPR Data Subject Rights - What You Need to Know
GDPR Data Subject Rights - What You Need to KnowGDPR Data Subject Rights - What You Need to Know
GDPR Data Subject Rights - What You Need to Know
Piwik PRO
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
Priyanka Aash
 
Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...
Vijay Dalmia
 
Data Protection Predictions for 2023.pdf
Data Protection Predictions for 2023.pdfData Protection Predictions for 2023.pdf
Data Protection Predictions for 2023.pdf
DarylBallesteros3
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
DipanjanDey12
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overview
Jane Lambert
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
Vicky Dallas
 
Data Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information SystemData Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information System
Quotient Consulting
 
Personal data Protection Act Singapore How-to Perform Assessment
Personal data Protection Act Singapore How-to Perform AssessmentPersonal data Protection Act Singapore How-to Perform Assessment
Personal data Protection Act Singapore How-to Perform Assessment
Jean Luc Creppy
 

Más contenido relacionado

La actualidad más candente

Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_india
Altacit Global
 
Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012
Fuji Xerox Singapore
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection Act
SaimaRafiq
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...
Cvent
 
Data Protection Predictions for 2023.pdf
Data Protection Predictions for 2023.pdfData Protection Predictions for 2023.pdf
Data Protection Predictions for 2023.pdf
DarylBallesteros3
 

La actualidad más candente (20)

Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theft
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_india
 
Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012Highlights of the Singapore Personal Data Protection Act 2012
Highlights of the Singapore Personal Data Protection Act 2012
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
What about GDPR?
What about GDPR?What about GDPR?
What about GDPR?
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection Act
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
 
PDPA 2010 at office (HairulHafiz)
PDPA 2010 at office (HairulHafiz)PDPA 2010 at office (HairulHafiz)
PDPA 2010 at office (HairulHafiz)
 
GDPR
GDPRGDPR
GDPR
 
Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in Indonesia
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU Data
 
GDPR Data Subject Rights - What You Need to Know
GDPR Data Subject Rights - What You Need to KnowGDPR Data Subject Rights - What You Need to Know
GDPR Data Subject Rights - What You Need to Know
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...Reasonable security practices and procedures and sensitive personal data or i...
Reasonable security practices and procedures and sensitive personal data or i...
 
Data Protection Predictions for 2023.pdf
Data Protection Predictions for 2023.pdfData Protection Predictions for 2023.pdf
Data Protection Predictions for 2023.pdf
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overview
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
 

Destacado

1430 mr andrew fung insights from tafep’s initiatives and research on effec...
1430 mr andrew fung insights from tafep’s initiatives and research on effec...1430 mr andrew fung insights from tafep’s initiatives and research on effec...
1430 mr andrew fung insights from tafep’s initiatives and research on effec...
Age Friendly Workforce Asia
 
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cédric Laurant
 
Emerging Trends in Information Security and Privacy
Emerging Trends in Information Security and PrivacyEmerging Trends in Information Security and Privacy
Emerging Trends in Information Security and Privacy
lgcdcpas
 
The Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingThe Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud Computing
Ankit Singh
 

Destacado (17)

Data Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information SystemData Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information System
 
Personal data Protection Act Singapore How-to Perform Assessment
Personal data Protection Act Singapore How-to Perform AssessmentPersonal data Protection Act Singapore How-to Perform Assessment
Personal data Protection Act Singapore How-to Perform Assessment
 
Trust, security and privacy issues with cloud erp
Trust, security and privacy issues with cloud erpTrust, security and privacy issues with cloud erp
Trust, security and privacy issues with cloud erp
 
Dirección administrativa
Dirección administrativa Dirección administrativa
Dirección administrativa
 
1430 mr andrew fung insights from tafep’s initiatives and research on effec...
1430 mr andrew fung insights from tafep’s initiatives and research on effec...1430 mr andrew fung insights from tafep’s initiatives and research on effec...
1430 mr andrew fung insights from tafep’s initiatives and research on effec...
 
Employment Fair Fg Presentation(5)
Employment Fair Fg Presentation(5)Employment Fair Fg Presentation(5)
Employment Fair Fg Presentation(5)
 
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
Cybercrime Court Decisions from Latin America - Legal and Policy Developments...
 
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSonera
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSoneraOutsourcing and transfer of personal data - Titta Penttilä - TeliaSonera
Outsourcing and transfer of personal data - Titta Penttilä - TeliaSonera
 
Personal Data Protection for your Church
Personal Data Protection for your ChurchPersonal Data Protection for your Church
Personal Data Protection for your Church
 
Ethics and information security 2
Ethics and information security 2Ethics and information security 2
Ethics and information security 2
 
HR Recruitment Trends 2014
HR Recruitment Trends 2014HR Recruitment Trends 2014
HR Recruitment Trends 2014
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & Privacy
 
Emerging Trends in Information Security and Privacy
Emerging Trends in Information Security and PrivacyEmerging Trends in Information Security and Privacy
Emerging Trends in Information Security and Privacy
 
Lecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud ComputingLecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud Computing
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
 
The Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingThe Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud Computing
 
How to use Singapore Jobsbank (new regulations under the Fair Consideration F...
How to use Singapore Jobsbank (new regulations under the Fair Consideration F...How to use Singapore Jobsbank (new regulations under the Fair Consideration F...
How to use Singapore Jobsbank (new regulations under the Fair Consideration F...
 

Similar a Personal Data Protection Singapore - Pdpc corporate-brochure

Data protection training emea new joiners. mandatory quiz
Data protection training emea new joiners. mandatory quizData protection training emea new joiners. mandatory quiz
Data protection training emea new joiners. mandatory quiz
Deborahchiesa
 
Privacy Ordinance in Hong Kong
Privacy Ordinance in Hong KongPrivacy Ordinance in Hong Kong
Privacy Ordinance in Hong Kong
若水 鲁
 

Similar a Personal Data Protection Singapore - Pdpc corporate-brochure (20)

Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
 
The 22nd Legal Forum Seminar (Nov 2021)
The 22nd Legal Forum Seminar (Nov 2021)The 22nd Legal Forum Seminar (Nov 2021)
The 22nd Legal Forum Seminar (Nov 2021)
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
 
Top 10 GDPR Requirements
Top 10 GDPR RequirementsTop 10 GDPR Requirements
Top 10 GDPR Requirements
 
GDPR webinar for business leaders
GDPR webinar for business leadersGDPR webinar for business leaders
GDPR webinar for business leaders
 
Data protection training emea new joiners. mandatory quiz
Data protection training emea new joiners. mandatory quizData protection training emea new joiners. mandatory quiz
Data protection training emea new joiners. mandatory quiz
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
 
Kyverna Privacy Policy.pdf
Kyverna Privacy Policy.pdfKyverna Privacy Policy.pdf
Kyverna Privacy Policy.pdf
 
Privacy Ordinance in Hong Kong
Privacy Ordinance in Hong KongPrivacy Ordinance in Hong Kong
Privacy Ordinance in Hong Kong
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
 
Australia Privacy Act of 1988
Australia Privacy Act of 1988Australia Privacy Act of 1988
Australia Privacy Act of 1988
 
Understanding the UAE Personal Data Protection Law
Understanding the UAE Personal Data Protection LawUnderstanding the UAE Personal Data Protection Law
Understanding the UAE Personal Data Protection Law
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
 
8.1 pco pol_02e_privacy_policy_statement[1]
8.1 pco pol_02e_privacy_policy_statement[1]8.1 pco pol_02e_privacy_policy_statement[1]
8.1 pco pol_02e_privacy_policy_statement[1]
 
Gdpr for business full
Gdpr for business fullGdpr for business full
Gdpr for business full
 
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdfData Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
 
Data protection
Data protectionData protection
Data protection
 

Último

Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
ritikaroy0888
 
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pillsMifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Abortion pills in Kuwait Cytotec pills in Kuwait
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
Matteo Carbone
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Dipal Arora
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
Roland Driesen
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
anilsa9823
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
amitlee9823
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
lizamodels9
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Dipal Arora
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
amitlee9823
 

Último (20)

Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pillsMifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdf
 

Personal Data Protection Singapore - Pdpc corporate-brochure

  • 1. S I N G A P O R E PROTECTION COMMISSION PERSONAL DATA w w w. p d p c . g o v. s g A QUICK GUIDE TO THE PERSONAL DATA PROTECTION ACT 2012 FOR ORGANISATIONS WHEN BUSINESS GETS PERSONAL
  • 2. Organisations today collect and use personal data of individuals such as customers, employees or members of associations. They need such data for providing products and services to customers, understanding customers’ profile and market trends to develop better products and services so as to retain their competitive edge, and managing employment and members’ relationships. These individuals trust organisations to use and disclose their personal data appropriately and keep their information safe. The Personal Data Protection Act 2012 The Personal Data Protection Act 2012 (PDPA) governs the collection, use and disclosure of personal data by private organisations, in a way that recognises both the needs of individuals and organisations. The PDPA contains two sets of requirements, covering personal data protection and the Do Not Call (DNC) registry, which will come into force in mid 2014 and early 2014 respectively. The transition period between now and then is to allow organisations time to review and adopt internal personal data protection policies and practices in accordance with the PDPA. The personal data protection requirements cover personal data stored in electronic and non-electronic forms. The requirements, however, do not apply to: • An individual acting in a personal or domestic capacity. • An employee acting in the course of his/her employment with an organisation. • A public agency or an organisation acting on behalf of a public agency in relation to the collection, use or disclosure of personal data. • Business contact information. This refers to an individual’s name, position name or title, business telephone number/address/email address/fax number and any other similar information about the individual, not provided by the individual solely for his/her personal purposes. • Personal data about a deceased individual, except that the provisions relating to disclosure and protection of personal data will apply to personal data about an individual who has been dead for 10 years or fewer. • Personal data contained in a record that has been in existence for at least 100 years. Individuals • Gives individuals more control over how their personal data is collected, used and disclosed. • Allows individuals to access and correct their personal data held by organisations. Organisations • Builds consumer confidence. • Facilitates safe and protected cross-border transfer of information. • Enhances efficiency and productivity, branding and competitiveness. Singapore • Serves to strengthen Singapore’s position as a trusted hub for data hosting and management activities. BENEFITS Introduction
  • 3. 8 9 7 6 53 2 1 Personal data refers to data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. These can range from names, contact numbers and addresses to other types of data that do not directly identify an individual on its own but form part of an accessible record about an individual. What is Personal Data? You may continue to use personal data that has been collected before the PDPA comes into effect for the purposes for which the personal data was collected, unless the individual has withdrawn consent. If there is a fresh purpose for the use of the personal data, consent has to be obtained anew. For personal data collected after the PDPA comes into effect, you will have to notify and obtain the individual’s consent to the collection, use and disclosure of his/her personal data. Existing Data Only collect, use or disclose personal data when an individual has given his/her consent. Allow individuals to withdraw consent, with reasonable notice, and inform them of the likely consequences of withdrawal. Upon withdrawal, and depending on the withdrawal request, you must cease to collect, use or disclose their personal data. Make information about your data protection policies, practices and complaints process available on request. Designate one or more individuals to implement personal data protection policies within your organisation. The business contact information of your data protection officer(s) should also be made available to the public. However, compliance with the PDPA remains the responsibility of the organisation. Transfer personal data to another country only according to the requirements prescribed under the regulations, to ensure that the standard of protection provided to the personal data so transferred will be comparable to the protection under the PDPA. Cease retention of personal data or remove the means by which the personal data can be associated with particular individuals when it is no longer necessary for any business or legal purposes. CONSENT OBLIGATION OPENNESS OBLIGATION TRANSFER LIMITATION OBLIGATION RETENTION LIMITATION OBLIGATION Make security arrangements to protect the personal data that you possess or control to prevent unauthorised access, collection, use, disclosure, or similar risks. Ensure that personal data collected by or on behalf of your organisation is reasonably accurate and complete. Notify individuals of the purposes for which you are intending to collect, use or disclose their personal data on or before such collection, use or disclosure of personal data. PROTECTION OBLIGATION ACCURACY OBLIGATIONNOTIFICATION OBLIGATION You may collect, use or disclose personal data about an individual for the purpose for which he/she has given consent. You may not, as a condition of providing a product or service, require the individual to consent to the collection, use or disclosure of his/her personal data beyond what is reasonable to provide that product or service. PURPOSE LIMITATION OBLIGATION Upon request, the personal data of an individual and information about the ways in which his/her personal data may have been used or disclosed in the past year should be provided. You are also required to correct any error or omission in an individual’s personal data upon his/her request. 4ACCESS & CORRECTION OBLIGATION Subject to all the obligations under the PDPA, unless an exception applies. Data Intermediary ORGANISATION Subject to the Protection and Retention Limitation Obligations only, where it processes personal data for another organisation under a written contract. * Please refer to the PDPA for further details on the scope of the Data Protection provisions including the exceptions. Organisations should assess and be satisfied if any exception provided in the PDPA would apply. 9 Main Obligations of the PDPA
  • 4. Here are some possible steps you can take to get started: STEP1 Appoint a Data Protection Officer Designate at least one person to oversee your organisation’s compliance with the PDPA. This person may be an employee in your organisation, and his/her role may include developing policies for handling personal data in electronic or non-electronic forms, communicating internal personal data policies to customers, and handling any queries or complaints about personal data. STEP2 Map Out Your Personal Data Inventory Be responsible for the personal data in your possession or under your control. Be clear about how, when and where you collected the data. Know the purpose of data collection and obtain consent for the use and disclosure of the personal data collected. STEP3 Implement Data Protection Processes After understanding your organisation’s personal data inventory, you should review its data management framework and processes to align them with the PDPA. Here are some things to consider: • Set up policies and processes to inform an individual of the purpose of the collection, use or disclosure of his personal data and obtain his consent. Set up policies and processes to allow the individual to withdraw consent at anytime upon giving reasonable notice. • Establish a clear practice for assessing and processing access and correction requests and complaints. Provide information to customers on how they may request to access and correct their personal data or file a complaint with your organisation. • Regularly review the sufficiency of the protection policy and mechanisms for the personal data in your possession or control. Set clear timelines for the retention of personal data and cease retention of documents containing personal data when no longer required for any business or legal purposes. • Review the terms of engagement with third parties such as agents, partners or data intermediaries to ensure adherence to the PDPA. STEP4 Communicate to Employees Inform all employees of the organisation’s data protection policies and their role in safeguarding personal data. Ensure your employees know what the internal processes are with regard to protecting personal data. STEP5 Establish an Internal Audit Policy Conduct regular internal audits to ensure your organisation’s processes adhere to the PDPA. Getting Started
  • 5. This publication gives a general introduction to information about the personal data protection law in Singapore and best practices. The contents herein are not intended to be an authoritative statement of the law or a substitute for legal advice. The Personal Data Protection Commission (PDPC), the Info-communications Development Authority of Singapore (IDA) and their respective members, officers and employees shall not be responsible for any inaccuracy, error or omission in this publication or liable for any damage or loss of any kind as a result of any use of or reliance on this publication. ©COPYRIGHT May 2013 – Personal Data Protection Commission Singapore and Info-communications Development Authority of Singapore The contents of this publication are protected by copyright, trade mark and other forms of proprietary rights. All rights, title and interest in the contents are owned by, licensed to or controlled by the PDPC and/or IDA, unless otherwise expressly stated. This publication may not be reproduced, republished or transmitted in any form or by any means, in whole or in part, without written permission. There will be three Do Not Call (DNC) Registers created for voice calls, text messages (e.g.SMS/MMS) and fax messages. To opt out of unsolicited telemarketing messages, individuals may register their Singapore telephone numbers with any or all of the DNC Registers for free. Their registration does not expire, unless they withdraw their registrations or terminate their numbers. If your organisation would like to send telemarketing messages via any or all three means, before doing so, you will need to: • check the relevant register(s) before sending telemarketing messages; • provide contact information about the organisation who sent or authorised the sending of the telemarketing messages within the message; and • ensure the calling line identity is not concealed or withheld (for voice calls). If you have obtained the individual’s clear and unambiguous consent in written or other accessible form to receive telemarketing messages specifically through voice calls, text messages or fax messages from your organisation, you may do so regardless of whether he/she is registered with the DNC registry. The DNC registry, however, does not cover messages sent for other purposes, such as service calls or reminder messages sent by organisations to render services bought by the individual. Telemarketing calls or messages of a commercial nature that target businesses are also excluded from the DNC registry provisions. For more information on the exclusion of marketing messages under the DNC provisions, please refer to the Eighth Schedule of the PDPA. Call Us General Enquiries: +65 6377 3131 Quality Service Manager: 1800 270 0222 / +65 6270 0222 Fax Us Fax: +65 6273 7370 Email Us General Enquiries: info@pdpc.gov.sg Quality Service Manager: pdpc_qsm@pdpc.gov.sg Or fill up our online feedback form at www.pdpc.gov.sg/feedback DNC Registry Provisions Useful Information