Mandatory Under the PDPA
Sections 11 and 12 of the Personal Data Protection Act (PDPA) form the Accountability obligation under the PDPA. Every organization must develop and implement policies for data protection, and must make available to the public the Business Contact Information (BCI) of its Data Protection Officer (DPO) or any designated individuals responsible for ensuring the organization's PDPA compliance.
Privacy Policies Are Required by Third-party Services
There is no standardized format, but it is logical to cover the 9 obligations of the PDPA. A recommended list of items to include is as follows:
1 – Introduction
2 – How Personal Data is Collected
3 – Types of Personal Data Collected
4 – How Personal Data is Used
5 – Parties that Personal Data are Disclosed to
6 – Management of the Collection, Usage and Disclosure of Personal Data
7 – Ensuring Accuracy of Personal Data
8 – Protection of Personal Data
9 – Retention of Personal Data
10 – Access and Correction Methods to Personal Data
11 – Transference of Personal Data Overseas
12 – Data Protection Officer Contact Information
13 – Last Updated On
You Don't Need to Start from Scratch
The good news for SMEs is that the Personal Data Protection Committee (PDPC) has made available a FREE Data Protection Notice Generator tool that you can use to create your base template by simply answering a series of questions.
All you need to do is contact us and ask for it!