Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

PDPA Obligations for Organizational Compliance

(SkillsFuture Credit Eligible)​

Course ID: TGS-2020505311

Alternate Friday (9AM - 6.45PM)

8 Hours (1 day)

Andy Prakash

Classroom Training: 380 Jalan Besar #07-01 ARC 380 Bldg. Singapore 209000

450 SGD

Bank TT, Cash, Skillsfuture Credit Funding

What’s In It For Me

  • You will gain an overview and understanding of the 9 core PDPA obligations
  • Learn on the legislative and regulatory requirements of PDPA
  • Learn how to identify existing PDPA non-compliance at the workplace
  • Value add to your organization by forming your PDPA steering committee


With the passing of the Personal Data Protection Act (PDPA) 2012, we have a fiduciary duty to learn the obligations, develop and implement sustainable Personal Data governance and understand the management of risks especially in the areas of Data Privacy and Security. It affects all organizations whether big or small. Even with the most expensive protection suite, humans are still the weakest link and failure to ensure proper education and inadequate policy setting is often the downfall at any workplace.

There are several reasons for spending money, time and effort on Personal Data Protection and Security. The primary one is preventing financial loss due to data breach, followed by compliance with regulatory requirements, maintaining high levels of productivity and meeting customer expectations. Another important business driver for Personal Data Protection is the recent spate of increasing penalties dealt to businesses. Furthermore with digitalization, governments globally have begun imposing newer and stricter regulations on electronic communications and stored data. Businesses face dire consequences for non-compliance. Finally, the loss of productivity because of a data breach and investigation by the Personal Data Protection Committee (PDPC) is another matter companies especially SMEs can’t afford to pause their business and waste financial and manpower resources on.

Course objectives:

Who Should Attend

The suitable students for this programme are likely to be:

  • Compliance Managers or Data Protection Officers (DPOs)
  • Human Resource, Admin, IT personnel, Sales and Business Development Executive / Managers who need to be involved in data protection matters

Course Breakdown

  • Introduction
  • Overview of the PDPA
  • Definitions
  • Personal Data
  • Individual
  • Organizations
  • 9 Obligations
  • Do Not Call (DNC) Provisions
  • Collect, Use, Disclose, Storage
  • Data Protection Officer
  • Penalties
  • Case Studies
  • Module Assessment (MCQ) & Answer Review
  • Introduction
  • Obtaining Consent From An Individual
  • Failure To Opt Out
  • Obtaining Consent On Behalf Of An Individual
  • When Consent Is Not Validly Given
  • Deemed Consent
  • Obtaining Personal Data From Third Parties
  • Withdrawal Of Consent
  • Facilitating The Withdrawal Of Consent
  • Effect Of A Withdrawal Notice
  • Exceptions To The Consent Obligation
  • Publicly Available Data
  • Purpose Limitation
  • Informing An Individual Of The Purpose
  • Manner And Form
  • Providing Notification Through A Privacy Policy
  • Information To Include When Stating Purposes
  • Good Practice Considerations
  • Use And Disclosure For A Different Purpose
  • Sample Templates Review
  • Case Studies
  • Module Assessment (MCQ) & Answer Review
  • Introduction
  • Providing Access To Personal Data
  • How Personal Data Has Been Used/Disclosed
  • Response Time Frame For An Access Request
  • Rejecting An Access Request
  • Fees Chargeable To Process Access Obligation
  • Exceptions To The Access Obligation
  • Preservation Of Personal Data
  • Obligation To Correct Personal Data
  • Exceptions To The Correction Obligation
  • Response Time For A Correction Request
  • Form Of Access And Correction Requests
  • Requirement Of Reasonable Effort
  • Ensuring Accuracy Of Personal Data
  • Sample Templates Review
  • Case Studies
  • Module Assessment (MCQ) & Answer Review
  • Introduction
  • Examples Of Security Arrangements
  • Administrative Measures
  • Physical Measures
  • Technical Measures
  • How Long Personal Data Can Be Retained
  • Ceasing To Retain Personal Data
  • Determine If Retention Of Personal Data Is Ceased
  • Anonymising Personal Data
  • Sample Templates Review
  • Case Studies
  • Module Assessment (MCQ) & Answer Review
  • Introduction
  • Conditions For Transfer Of Personal Data Overseas
  • Scope Of Contractual Clauses
  • Data In Transit
  • Appointing A Data Protection Officer
  • Registering Your Dpo With Pdpc
  • Internal & External Data Protection Policies
  • Communication To Staff On Policies & Practices
  • Formalized Process For Access Request & Complaints
  • Make Publicly Available The Dpo’s Contact Information
  • Other Related Provisions
  • Other Measures Relating To Accountability
  • Sample Templates Review
  • Case Studies
  • Module Assessment (MCQ) & Answer Review
  • Introduction
  • Definition Of “Specified Message”
  • Exclusions From The Definition Of Specified Message
  • Duty To  Check  The  Dnc  Register
  • Obtaining Clear  And Unambiguous Consent
  • Consent Evidenced In Written Or Other Form
  • Requiring Consent For Telemarketing As A Condition
  • Other Obligations Relating To Consent
  • Exemption For Certain Specified Messages
  • Providing Information Identifying The Sender
  • Providing Information For Recipient To Contact Sender
  • Definition Of “Sender”
  • Sending Specified Message To A Singapore Number
  • Excluded Persons
  • Defence For Employees
  • Sending Specified Messages In A Joint Offering
  • Locations Of Sender And Recipient
  • Telemarketing On Personal Data Before Pdpa Effected
  • Measures To Prevent Sending To Wrong Recipients
  • Application To Cases
  • Relevant PDPA Obligations
  • Checklist Of Good Practices For Organisations
  • Checklist Of Good Practices When Outsourcing
  • Case Studies
  • Module Assessment (MCQ) & Answer Review
  • Introduction
  • Email Spoofing Demonstration
  • Redirection URL Links Demonstration
  • Malicious Downloads
  • Recommended Browser Settings
  • Connecting To ‘free’ Wifi Hotspots
  • Useful Links
  • 10 Best Cyber Hygiene Practices
  • Web Browser Security
  • Browser Configuration
  • Ublock Origin Plugin
  • Browser Containers
  • Browser Agents
  • TOR Browser
  • Browser Testing
  • Virtual Private Networks
  • Adopting ICT Security Measures
  • Consolidated Checklist Of Good Practices
  • Consolidated Checklist Of Enhanced Practices
  • Physical Disposal Measures
  • Shredding Issues And Practices
  • Third Party Service Providers
  • Case Studies
  • Module Assessment (MCQ) & Answer Review
  • Introduction
  • Documenting Data Flows In The Organisation
  • Data Inventory Map
  • Data Flow Diagram
  • When To Conduct A DPIA
  • Who Should Be Involved
  • DPIA Lifecycle
  • Assess Need For DPIA
  • Plan DPIA
  • Identify Personal Data And Personal Data Flows
  • Identify And Assess Data Protection Risks
  • Risk Assessment Framework
  • Create an Action Plan
  • Implement Action Plan and Monitor Outcomes
  • Sample Templates Review
  • Module Assessment (MCQ) & Answer Review
  • Introduction
  • DPbD Principles
  • DPbD and the Software Development Lifecycle
  • DPbD for Existing ICT Systems
  • Good DPbD Practices For ICT Systems
  • Data Protection Impact Assessment (DPIA)
  • Collection of Personal Data by ICT Systems
  • Notification of Purpose & Data Protection Policy
  • Getting Consent for Users’ Personal Data
  • Development of ICT System
  • Online Forms
  • Access Control
  • Testing of ICT System
  • Access, Correction and Accuracy of PD in ICT Systems
  • Housekeeping of Personal Data in ICT Systems
  • User Device Security
  • Exporting Data
  • Retention of Personal Data in ICT Systems
  • Maintenance Phase
  • Setting Up A Website
  • Key Considerations
  • Outsourcing
  • Website Security
  • Security Policies And Processes
  • Security Design
  • PDPA Obligations
  • Terminology
  • Data Anonymisation Concepts
  • Disclosure Risks
  • Basic Data Anonymisation Techniques
  • Putting It Together
  • Summary
  • Case Studies
  • Module Assessment (MCQ) & Answer Review
  • Introduction
  • Developing A DPMP
  • Policy
  • People
  • Process
  • PDPA Assessment Tool For Organisations (PATO)
  • Risk Monitoring & Reporting Structure
  • Maintenance
  • Preparing For Data Breaches
  • Responding To Data Breaches
  • C.A.R.E
  • Possible Causes Of Data Breaches
  • Data Breach Notification To The PDPC
  • Data Breach Notification To Affected Individuals
  • Module Assessment (MCQ) & Answer Review
  • Course Assessment (PDPC Corporate E-learning)

Trainer Profile

Andy Prakash - OSINT Practitioner & Trainer

Andy Prakash​

Andy Prakash co-founded, Singapore’s first bug bounty platform, working with the top community of white hat hackers to identify and report vulnerabilities in businesses’ websites, mobile applications and systems.

As the Chief Information Officer, he has given speeches and conducted masterclasses for ACE startups, co-working spaces, Echelon by e27 (2019), Chamber of Commerce and even Interpol 2019.

Seeing a lapse in the Data Protection industry, he started Privacy Ninja, providing PDPA Consultancy, training, audit and Outsourced DPO services. He is the designated Data Protection Officer for numerous companies in Singapore and handles Data Protection matters on a day to day basis.

Andy is the the outsourced DPO for ongoing notable clients like Marina Bay Holdings Group, Adam Khoo Learning Technologies, Curtin University, GrandBanks and more.

He has also been featured on numerous media outlets like Channel News Asia, Channel 8 and Berita Harian, on data privacy, cyber security and its various associated topics.

Contact our sales team

Drop us your details and our sales Ninjas will get in touch in 24 hours


Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us