PDPA Obligations for Organizational Compliance
(SkillsFuture Credit Eligible)
Course ID: TGS-2020505311
Alternate Friday (9AM - 6.45PM)
8 Hours (1 day)
Andy Prakash
Classroom Training: 380 Jalan Besar #07-01 ARC 380 Bldg. Singapore 209000
450 SGD
Bank TT, Cash, Skillsfuture Credit Funding
Menu
What’s In It For Me
- You will gain an overview and understanding of the 9 core PDPA obligations
- Learn on the legislative and regulatory requirements of PDPA
- Learn how to identify existing PDPA non-compliance at the workplace
- Value add to your organization by forming your PDPA steering committee
Overview
With the passing of the Personal Data Protection Act (PDPA) 2012, we have a fiduciary duty to learn the obligations, develop and implement sustainable Personal Data governance and understand the management of risks especially in the areas of Data Privacy and Security. It affects all organizations whether big or small. Even with the most expensive protection suite, humans are still the weakest link and failure to ensure proper education and inadequate policy setting is often the downfall at any workplace.
There are several reasons for spending money, time and effort on Personal Data Protection and Security. The primary one is preventing financial loss due to data breach, followed by compliance with regulatory requirements, maintaining high levels of productivity and meeting customer expectations. Another important business driver for Personal Data Protection is the recent spate of increasing penalties dealt to businesses. Furthermore with digitalization, governments globally have begun imposing newer and stricter regulations on electronic communications and stored data. Businesses face dire consequences for non-compliance. Finally, the loss of productivity because of a data breach and investigation by the Personal Data Protection Committee (PDPC) is another matter companies especially SMEs can’t afford to pause their business and waste financial and manpower resources on.
Course objectives:
- Competent employees with fundamental understanding of the 9 obligations & DNC provisions
- Ability to review existing policies & processes for compliance
- Implementation of course knowledge and cyber hygiene practices in daily operations
- Develop & Map out the organization’s Data Processing Inventory Mapping (DPIM)
- Learn how to conduct regular Data Protection Impact Assessment (DPIA)
- Learn how to plan a Data Protection Management Programme (DPMP)
- Follow a systematic approach to execute in the event of a data breach
Who Should Attend
The suitable students for this programme are likely to be:
- Compliance Managers or Data Protection Officers (DPOs)
- Human Resource, Admin, IT personnel, Sales and Business Development Executive / Managers who need to be involved in data protection matters
Course Breakdown
- Introduction
- Overview of the PDPA
- Definitions
- Personal Data
- Individual
- Organizations
- 9 Obligations
- Do Not Call (DNC) Provisions
- Collect, Use, Disclose, Storage
- Data Protection Officer
- Penalties
- Case Studies
- Module Assessment (MCQ) & Answer Review
- Introduction
- Obtaining Consent From An Individual
- Failure To Opt Out
- Obtaining Consent On Behalf Of An Individual
- When Consent Is Not Validly Given
- Deemed Consent
- Obtaining Personal Data From Third Parties
- Withdrawal Of Consent
- Facilitating The Withdrawal Of Consent
- Effect Of A Withdrawal Notice
- Exceptions To The Consent Obligation
- Publicly Available Data
- Purpose Limitation
- Informing An Individual Of The Purpose
- Manner And Form
- Providing Notification Through A Privacy Policy
- Information To Include When Stating Purposes
- Good Practice Considerations
- Use And Disclosure For A Different Purpose
- Sample Templates Review
- Case Studies
- Module Assessment (MCQ) & Answer Review
- Introduction
- Providing Access To Personal Data
- How Personal Data Has Been Used/Disclosed
- Response Time Frame For An Access Request
- Rejecting An Access Request
- Fees Chargeable To Process Access Obligation
- Exceptions To The Access Obligation
- Preservation Of Personal Data
- Obligation To Correct Personal Data
- Exceptions To The Correction Obligation
- Response Time For A Correction Request
- Form Of Access And Correction Requests
- Requirement Of Reasonable Effort
- Ensuring Accuracy Of Personal Data
- Sample Templates Review
- Case Studies
- Module Assessment (MCQ) & Answer Review
- Introduction
- Examples Of Security Arrangements
- Administrative Measures
- Physical Measures
- Technical Measures
- How Long Personal Data Can Be Retained
- Ceasing To Retain Personal Data
- Determine If Retention Of Personal Data Is Ceased
- Anonymising Personal Data
- Sample Templates Review
- Case Studies
- Module Assessment (MCQ) & Answer Review
- Introduction
- Conditions For Transfer Of Personal Data Overseas
- Scope Of Contractual Clauses
- Data In Transit
- Appointing A Data Protection Officer
- Registering Your Dpo With Pdpc
- Internal & External Data Protection Policies
- Communication To Staff On Policies & Practices
- Formalized Process For Access Request & Complaints
- Make Publicly Available The Dpo’s Contact Information
- Other Related Provisions
- Other Measures Relating To Accountability
- Sample Templates Review
- Case Studies
- Module Assessment (MCQ) & Answer Review
- Introduction
- Definition Of “Specified Message”
- Exclusions From The Definition Of Specified Message
- Duty To Check The Dnc Register
- Obtaining Clear And Unambiguous Consent
- Consent Evidenced In Written Or Other Form
- Requiring Consent For Telemarketing As A Condition
- Other Obligations Relating To Consent
- Exemption For Certain Specified Messages
- Providing Information Identifying The Sender
- Providing Information For Recipient To Contact Sender
- Definition Of “Sender”
- Sending Specified Message To A Singapore Number
- Excluded Persons
- Defence For Employees
- Sending Specified Messages In A Joint Offering
- Locations Of Sender And Recipient
- Telemarketing On Personal Data Before Pdpa Effected
- Measures To Prevent Sending To Wrong Recipients
- Application To Cases
- Relevant PDPA Obligations
- Checklist Of Good Practices For Organisations
- Checklist Of Good Practices When Outsourcing
- Case Studies
- Module Assessment (MCQ) & Answer Review
- Introduction
- Email Spoofing Demonstration
- Redirection URL Links Demonstration
- Malicious Downloads
- Recommended Browser Settings
- Connecting To ‘free’ Wifi Hotspots
- Useful Links
- 10 Best Cyber Hygiene Practices
- Web Browser Security
- Browser Configuration
- Ublock Origin Plugin
- Browser Containers
- Browser Agents
- TOR Browser
- Browser Testing
- Virtual Private Networks
- Adopting ICT Security Measures
- Consolidated Checklist Of Good Practices
- Consolidated Checklist Of Enhanced Practices
- Physical Disposal Measures
- Shredding Issues And Practices
- Third Party Service Providers
- Case Studies
- Module Assessment (MCQ) & Answer Review
- Introduction
- Documenting Data Flows In The Organisation
- Data Inventory Map
- Data Flow Diagram
- When To Conduct A DPIA
- Who Should Be Involved
- DPIA Lifecycle
- Assess Need For DPIA
- Plan DPIA
- Identify Personal Data And Personal Data Flows
- Identify And Assess Data Protection Risks
- Risk Assessment Framework
- Create an Action Plan
- Implement Action Plan and Monitor Outcomes
- Sample Templates Review
- Module Assessment (MCQ) & Answer Review
- Introduction
- DPbD Principles
- DPbD and the Software Development Lifecycle
- DPbD for Existing ICT Systems
- Good DPbD Practices For ICT Systems
- Data Protection Impact Assessment (DPIA)
- Collection of Personal Data by ICT Systems
- Notification of Purpose & Data Protection Policy
- Getting Consent for Users’ Personal Data
- Development of ICT System
- Online Forms
- Access Control
- Testing of ICT System
- Access, Correction and Accuracy of PD in ICT Systems
- Housekeeping of Personal Data in ICT Systems
- User Device Security
- Exporting Data
- Retention of Personal Data in ICT Systems
- Maintenance Phase
- Setting Up A Website
- Key Considerations
- Outsourcing
- Website Security
- Security Policies And Processes
- Security Design
- PDPA Obligations
- Terminology
- Data Anonymisation Concepts
- Disclosure Risks
- Basic Data Anonymisation Techniques
- Putting It Together
- Summary
- Case Studies
- Module Assessment (MCQ) & Answer Review
- Introduction
- Developing A DPMP
- Policy
- People
- Process
- PDPA Assessment Tool For Organisations (PATO)
- Risk Monitoring & Reporting Structure
- Maintenance
- Preparing For Data Breaches
- Responding To Data Breaches
- C.A.R.E
- Possible Causes Of Data Breaches
- Data Breach Notification To The PDPC
- Data Breach Notification To Affected Individuals
- Module Assessment (MCQ) & Answer Review
- Course Assessment (PDPC Corporate E-learning)
Trainer Profile
Andy Prakash
Andy Prakash co-founded AntiHACK.me, Singapore’s first bug bounty platform, working with the top community of white hat hackers to identify and report vulnerabilities in businesses’ websites, mobile applications and systems.
As the Chief Information Officer, he has given speeches and conducted masterclasses for ACE startups, co-working spaces, Echelon by e27 (2019), Chamber of Commerce and even Interpol 2019.
Seeing a lapse in the Data Protection industry, he started Privacy Ninja, providing PDPA Consultancy, training, audit and Outsourced DPO services. He is the designated Data Protection Officer for numerous companies in Singapore and handles Data Protection matters on a day to day basis.
Andy is the the outsourced DPO for ongoing notable clients like Marina Bay Holdings Group, Adam Khoo Learning Technologies, Curtin University, GrandBanks and more.
He has also been featured on numerous media outlets like Channel News Asia, Channel 8 and Berita Harian, on data privacy, cyber security and its various associated topics.
