Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

4 Considerations In The PDPA Singapore Checklist

PDPA Singapore checklist
The PDPA Singapore checklist is a must-have for organisations operating in Singapore.

4 Considerations In The PDPA Singapore Checklist

The PDPA Singapore checklist is a must-have for organisations operating in Singapore because as the famous line goes, “ignorance of the law excuses no one”.

📌 Explore how Privacy Ninja can help organisations address their data protection compliance. Learn more >>>

The Personal Data Protection Act 2012 (PDPA) oversees the collection, use and disclosure of personal data. It has been established that the main purpose of the act is to make sure that a) all personal data is managed in a way that respects the privacy and ownership rights of individuals and b) organisations utilise such data for legal business purposes only.

The PDPA acknowledges both:

  1. The right of individuals (natural persons, whether living or dead) to safeguard their personal data; and
  2. The necessity of organisations (all corporate bodies such as companies, and unincorporated bodies which include those formed or resident outside of Singapore) to collect, use, or disclose personal data for intentions that a fair individual would consider relevant.

Implementation of the PDPA rules is compulsory for organisations operating in Singapore (both companies and unincorporated bodies) with regard to the collection, use, and disclosure of personal data. Hence, this PDPA Singapore checklist applies to these organisations.

Do take note that the following individuals are not bound by the PDPA provisions:

  • Persons acting in a personal or domestic capacity;
  • Public agencies;
  • Organisations acting on behalf of a public agency in relation to the processing of personal data.

Also Read: The 3 Main Benefits Of PDPA For Your Business

Why must organisations understand the PDPA Singapore checklist?

In the age of digitalisation, an individual’s personal data is akin to digital currency. As consumers become empowered with the knowledge of their rights to data privacy and personal data protection, a business that can demonstrate compliance will surely be able to gain better customer loyalty.

📌 Let Privacy Ninja help you with your PDPA compliance through our PDPA compliance audit services. Contact us for a no obligations chat to understand what compliance audit services are needed to comply with the PDPA.

PDPA Singapore checklist
Keeping track of the PDPA Singapore checklist helps your organisation be in its tiptop compliance state.

Before moving on with the checklist, here are 5 things your organisation must keep track of to ensure compliance with PDPA provisions:

  1. What type of personal data is collected?
  2. What is the purpose of the collection of personal data?
  3. Who is collecting personal data?
  4. Where is the personal data stored?
  5. To whom is the personal data disclosed?

Also Read: Key PDPA Amendments 2019/2020 You Should Know

The PDPA Singapore checklist under 4 classifications

The considerations that organisations should deal with can be broadly classified into four categories.

1. Collection, management, retention and disposal of personal data

  1. Does your organisation guarantee that the personal data collected is relevant for the intention alone and not some other hidden agenda or purpose?
  2. Are the people involved in this data collection made fully cognizant of the data collection purpose on or before the collection of their personal data?
  3. Organisations must also see to it that collection of sensitive data is limited and needed only if relevant and should not be unnecessarily collected.
  4. Is the consent sought and received by your organisation for the collection, use and disclosure of personal data?
  5. Does your organisation also see to it that third party involved in data collection is clear on their PDPA duties as well as adhere to the strict provisions set by PDPA with regard to the handling and collection of personal data by third party?
  6. Does your organisation guarantee proper use and disclosure of personal data collected?
  7. Is your organisation knowledgeable in handling transfer of personal data and can it ensure that the transfer of data overseas is in compliance with PDPA?
  8. Does your organisation know and comprehend the fulfillment of PDPA obligations with regard to working with 3rd party (such as an agent or a data intermediary) of the company managing the personal information data transfer?

2. Security, update, and maintenance of personal data

  1. Does your organisation have proper security provisions in place to prevent illegal access, collection and use of its personal data in its safekeeping or under its management?
  2. These security provisions must be developed on pertinent risk assessments, kind and sensitivity of personal data and chances and impact of illegal access, deletion or other use.
  3. Organisations must see to it that these security provisions are constantly updated and shared with relevant stakeholders.
  4. Organisations must also see to it that processes are in place for third parties to make fair arrangements to protect personal data.
  5. Does your organisation have pertinent data retention policies for various types of personal data? This is also applicable to third parties in possession of their personal data.
  6. Does your organisation have provisions in place to deal with unsolicited personal data?
  7. Does your organisation have provisions in place to dispose of personal data? This is also applicable to third parties in possession of their personal data.
  8. Does your organisation make sure that its personal data is correct, and that personal data shared with other organisations is correct and complete?
  9. How does your organisation handle erroneous data?

📌 Do you know that appointing a Data Protection Officer (DPO) is not only mandatory under the PDPA, but is also crucial to ensuring that your organisation is fully compliant to the PDPA provisions? Check out how Privacy Ninja’s DPO-as-a-Service can help you manage the PDPA Singapore checklist and more, while you focus on what you do best, to grow the business. 3. A person’s rights to personal data access and erasure

  1. Does your organisation have provisions in place and furnish information on how individuals may withdraw permission on the use of their personal data and the implications of withdrawing consent?
  2. Does your organisation have provisions in place and furnish information on how individuals can ask for access to their personal data? Is there a process in place to adhere to the person’s request?
  3. Does your organisation have provisions in place and furnish information on how people can amend their personal data under its possession?

4. The implementation, governance and process transparency of PDPA compliance

  1. Does your organisation have provisions and practices in place to manage personal data?
  2. Does your organisation share its data protection provisions and practices with pertinent internal and external stakeholders?
  3. Does your organisation constantly review and update data protection provisions, and keep track of compliance of practices with these provisions?
  4. Does your organisation accept and answer queries on the collection, use and disclosure of personal data by your organisation?
  5. Does your organisation carry out risk and impact assessments to identify, evaluate and address data protection risks?
  6. Does your organisation take into account Data Protection by Design in the growth of a product, service, system or process?
  7. Does your organisation have a data breach management plan? The plan should comprise of the following: a) personnel on management of data breach incident, b) timeline for reporting data breach incident, c) provisions for notifying affected individuals/organisations and pertinent regulators/enforcement authorities.
  8. Does your organisation have a Data Protection Officer (DPO) who is well versed in your data protection provisions and the PDPA?
  9. Is the business contact information of the DPO made available to the public?
  10. Is the DPO properly trained? The DPO should also have received formal training on data protection compliance with the PDPA.
  11. Does your organisation carry out regular training for employees on the company’s data protection provisions and practices?

There you have it, the comprehensive PDPA Singapore checklist. If you need further clarifications on any section here, feel free to reach out to us.

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us