Malaysia: Personal Data Protection Act (PDPA) 2010
Hairul Hafiz B Hasbullah
Data Protection (Part 3)
Implementation of security to protect data
Where Are We? : Stage 2
• Awareness program on PDPA 2010
• Establish a data protection task force
• Conduct a Privacy Impact Assessment
• Obtain Consent for use of personal data
• Prepare standard data protection notice and clause in Agreement
Where Are We? : Stage 2
(After Briefing on 12-13 April 2017)
• Review plan established during Stage 1
• Establish procedures and forms to handle data protection complaints
• Establish processes for training of relevant staff
• Implementation of security to protect data
  (a) physical access
  (b) electronic access
Action Plan : Stage 3
• Implementation of security to protect data
(a) Electronic access
(b) Non-electronic access
(c) Retention standard
(d) Data Integrity standard
A Establishment of the Security Standard for Personal Data Processed for Electronic

| NO | DESCRIPTIONS | Person In-charge (PIC)/Depart |
|---|---|---|
| 1 | Register all employees involved in the processing of personal data | BE/MME/HR |
| 2 | Terminate an employee’s access rights to personal data after his/her resignation, termination, termination of contract or agreement, or adjustment in accordance with changes in MyCEB | HR/IT |
| 3 | Control and limit employees’ access to personal data system for the purpose of collecting, processing and storing of personal data | BE/MME/HR/IT |
| 4 | Provide user ID and password for authorised employees to access personal data | BE/MME/HR/IT |
Establishment of the Security Standard for Personal Data Processed for Electronic

| NO | DESCRIPTIONS | Person In-charge (PIC)/Depart |
|---|---|---|
| 5 | Terminate user ID and password immediately when an employee who is authorised to access personal data is no longer handling the data | BE/MME/HR |
| 6 | Establish physical security procedures as follows: (i) Control the movement in and out of the data storage site; (ii) Store personal data in an appropriate location which is unexposed and safe from physical or natural threats | IT |
| 7 | Update the backup/recovery system and anti-virus to prevent personal data intrusion and such | IT |
Establishment of the Security Standard for Personal Data Processed for Electronic

| NO | DESCRIPTIONS | Person In-charge (PIC)/Depart |
|---|---|---|
| 8 | Safeguard the computer system from malware threats to prevent attacks on personal data | IT |
| 9 | The transfer of personal data through removable media device and cloud computing service is not permitted unless with written consent by an officer authorised by the management of the MyCEB data user | BE/MME |
| 10 | Record any transfer of data through removable media device and cloud computing service | BE/MME/HR |
Establishment of the Security Standard for Personal Data Processed for Electronic

| NO | DESCRIPTIONS | Person In-charge (PIC)/Depart |
|---|---|---|
| 11 | Personal data transfer through cloud computing service must comply with the personal data protection principles in Malaysia, as well as with personal data protection laws of other countries. | LEGAL |
| 12 | Ensure that all employees involved in processing personal data always protect the confidentiality of the data subject’s personal data. | BE/MME/HR |
| 13 | Bind an appointed third party by the data user with a contract for operating and carrying out personal data processing activities. This is to ensure the safety of personal data from loss, misuse, modification, unauthorised access and disclosure. | LEGAL |
B Establishment of the security standard for personal data processed for non-electronic

| NO | DESCRIPTIONS | Person In-charge (PIC)/Depart |
|---|---|---|
| 1 | Register employees handling personal data into a system/registration book before they are allowed access to personal data | BE/MME/HR |
| 2 | Terminate an employee’s access rights to personal data after his/her resignation, termination, termination of contract or agreement, or adjustment in accordance with changes in MyCEB | BE/MME/HR/IT |
| 3 | Control and limit employees’ access to personal data system for the purpose of collecting, processing and storing of personal data | BE/MME/HR |
Establishment of the security standard for personal data processed for non-electronic

| NO | DESCRIPTIONS | Person In-charge (PIC)/Depart |
|---|---|---|
| 4 | Establish physical security procedures as follows: (i) Store all personal data orderly in files; and (ii) Store all files containing personal data in a locked place | BE/MME/HR |
| 5 | Maintain a proper record access to personal data periodically and make such record the confidentiality of the data subject’s personal data | BE/MME/HR |
| 6 | Record personal data transferred conventionally, such as through mail, delivery, fax, etc. | BE/MME/HR |
Establishment of the security standard for personal data processed for non-electronic

| NO | DESCRIPTIONS | Person In-charge (PIC)/Depart |
|---|---|---|
| 7 | Ensure that all used papers, printed documents or other documents exhibiting personal data are destroyed thoroughly and efficiently by using a shredding machine or other appropriate methods | BE/MME/HR |
| 8 | Conduct awareness programmes for all employees on the responsibility to protect personal data | LEGAL |
C Establishment of the Retention Standard

| NO | DESCRIPTIONS | Person In-charge (PIC)/Depart |
|---|---|---|
| 1 | Determine that the retention period relating to the processing and retention of personal data is fulfilled before destroying the data (normal practice is within 6 years) | BE/MME/HR |
| 2 | Keep personal data no longer than necessary unless there are requirements by other legal provisions | BE/MME/HR |
| 3 | Maintain a proper record of personal data disposal periodically | BE/MME/HR |
Establishment of the Retention Standard

| NO | DESCRIPTIONS | Person In-charge (PIC)/Depart |
|---|---|---|
| 4 | Dispose of personal data collection forms used in commercial transactions within a period not exceeding 14 days, except if the forms carry legal values in relation to the commercial transaction | BE/MME/HR |
| 5 | Review and dispose of all unwanted personal data in the database (e.g. MyCEB CRM) | BE/MME/HR |
| 6 | Prepare a personal data disposal schedule for inactive data with a 24 month period. | BE/MME/HR |
| 7 | The use of removable media device for storing personal data is not permitted without written approval from MyCEB management. | BE/MME/HR/IT |
D Establishment of the Data Integrity Standard

| NO | DESCRIPTIONS | Person In-charge (PIC)/Depart |
|---|---|---|
| 1 | Provide a personal data update form for data subjects, either online or conventional | LEGAL |
| 2 | Update personal data immediately once a data correction notice is received from the data subject | BE/MME/HR |
| 3 | Ensure that all relevant legislation is fulfilled in determining the type of documents required to support the validity of the data subject’s personal data | LEGAL |
| 4 | Notify on personal data updates either through the portal or notice at premises or by other appropriate methods | MARCOM |
CONGRATULATIONS!
You have just completed Privacy and Personal data (Part 1) under MyCEB Personal Data Protection 2010
THANK YOU

PDPA 2010 (Part 4) by Hairul Hafiz Hasbullah
