Privacy Ninja

Data Protection Policy: 8 GDPR Compliance Tips

A GDPR-compliant data protection policy (DPP) would bolster the integrity of your company in cybersecurity.

Duly registered and state-recognized companies are required to comply with national laws on cybersecurity. However, there are also internationally recognized regulations that qualifying business organizations follow. One example is the General Data Protection Regulation (GDPR).

Covered companies were quick to update their respective protection policies when GDPR came into force. In sum, GDPR is a significant piece of European legislation aimed at protecting the personal data of data subjects in the European Union (EU) by regulating data controllers and processors (individuals or organizations). Singapore, as one of the EU's largest trading partners in ASEAN, falls under GDPR's jurisdiction.

In this article, we will give you tips on how to come up with a GDPR-compliant data protection policy (DPP). But first:

What is a Data Protection Policy?

An organization's DPP is an internal document drafted by its members to establish company-wide data protection policies. The DPP is made available to all employees, especially those who handle or process client data. At times, it is also made public.

The DPP is seldom required by law. However, it is a recommended step for any business organization that wishes to demonstrate adherence to GDPR regulations. It is the most practical way to ensure that you are implementing your company’s data protection practices, while training your employees to exercise the same.

With that being said, here are 8 tips (specifically general clauses) that you might consider when drafting your company’s data protection policy:

1. Introduction and Scope of Policy

A good DPP should begin with an introduction of the purpose/significance of the document and its relevance to the context of the organization. This would prime the reader (employees) on the overview of what the policy is all about and how they should approach the sections therein.

2. Definitions

A word or set of words, as used in different organizations, may have alternative meaning depending on the context. To avoid potential misunderstandings among your employees, it is important to include a section wherein you define these terms, especially the highly technical ones.

3. Statement of GDPR Principles

This section should be dedicated to reiterating the set of principles that govern GDPR regulations. Your DPP should clearly recount each of the GDPR requirements for lawful data processing.

Your organization should always audit/revisit your data protection policy to ensure adherence to GDPR

4. Lawfulness of Processing Data

The GDPR requires that your company's data processing fall under one of its six legal bases. As preparation, you should audit your organization first and determine which basis applies to each processing activity. Remember that how data may be processed differs according to the legal basis under which the personal information falls; as such, employees who handle this confidential data should fully understand which basis it is being processed under.

5. Roles and Responsibilities

The Roles and Responsibilities clause lays out the duties each of your employees should observe under your company's data protection policy. This section assigns accountability to your members when handling and processing customer data.

6. Data Breach Protocol

This section may be considered the most important clause in your data protection policy. It guides every person in your organization on what steps to take should you experience a data breach. These procedures are scrutinized whenever legal allegations of inadequate breach response are made against your organization. As others put it, "Teaching your employees to address breach situations quickly and judiciously could be the difference between a fine and a warning."

7. Security and Record Keeping

This clause should describe your company's security measures, data retention practices, and data records policy. You should safeguard customer information both as it circulates through your systems and as it is stored in your databases. As a tip, you may describe the GDPR requirements and also incorporate your organization's own standards pertinent to data security.

8. Contact Information

Your employees should know the right person to call if they have any question, concern, or suggestion about data protection. This clause should contain the contact information of your point-person serving as the overseer of your data protection policy implementation. In most business organizations, this is the Data Protection Officer, who may be in-house or outsourced.

Lastly, your business organization is free to stipulate any other pertinent matter concerning data security within your DPP. It is also good practice to hold a quarterly audit to check your adherence to the latest GDPR requirements and regulations. As previously mentioned, consider collaborating with a Data Protection Officer whenever you wish to launch, implement, amend, or alter your data protection policy.

In sum, your GDPR compliance and cybersecurity are only as good as how well you have drafted and implemented your company's data protection policy.
