4. • Refresher
• MyCEB PDPA Policy and Clauses in Agreement
• Where are We?
• Action Plan
5. REFRESHER
Personal Data is information about an individual that is recorded in any form
Types of Data
Data Subject/ User/Processor
What is Personal Data?
NRIC, home address, age, blood type, marital status, credit card, etc.
WHAT YOU WILL LEARN:
6. REFRESHER
What are the 7 Principles?
1 General
2 Notice & Choice
3 Disclosure
4 Security
5 Retention
6 Integrity
7 Access
10. WHERE ARE WE?
Collection of Personal Data
1 Do you collect personal data about your customers?
2 Do you have a personal data inventory map (what data is collected, who collects it, where it is stored, and who it is disclosed to)?
3 When collecting personal data, do you clearly inform the individual the
purpose for which it will be collected and obtain consent?
4 Do you ensure that the 3rd party has obtained consent from the individuals to disclose the personal data?
5 Is there a formal process for the withdrawal of consent by individuals in
respect of the collection?
11. WHERE ARE WE?
Use Of Personal Data
6 Do you limit the use of personal data collected to only purposes that you
have obtained consent for?
7 Before data protection requirements of the PDPA come into operation,
are you using the personal data only for purposes that it was collected
for?
Disclosure of Personal Data
8 Do you limit the disclosure of personal data collected to only purposes
that you have obtained consent for?
12. WHERE ARE WE?
Access and Rights
9 Have you established a formal procedure to handle requests for access
to personal data?
10 Do you have a list of 3rd party organisations to whom personal data was
disclosed and for what purpose?
11 Have you established a formal procedure to handle correction requests of
personal data?
Protection Obligation
12 Have you assessed the personal data protection risks within your
organisation and put in place personal data security policies?
13 Is the personal data that you hold adequately classified?
14 Is the personal data kept in a secure manner?
13. WHERE ARE WE?
Retention Limitation
15 Is there regular data housekeeping?
16 Do you remove personal data no longer needed for business or legal
purposes?
14. ACTION PLAN
BE & MME
Implementation: Stage 2
• Forms & Agreements (Internal & External)
• Person In Charge for each Division
• Established Retention Policy on Data
• Housekeeping (Clean up Data and update)
• Provide access for Data Subjects to amend
• Exercise PDPA Policy Form across the board
15. CONGRATULATIONS!
You have just completed Privacy and Personal Data (Part 1) under MyCEB Personal Data Protection 2010
THANK YOU