Importance of a Compliant Privacy Policy

Drafting Privacy Policy
Drafting a Privacy Policy with no knowledge or external help may be daunting.

A Privacy Policy is not only the legally required document that discloses your practices for protecting personal information; it also lets you show your internal and external stakeholders, customers and regulators that you can be trusted, and that you have procedures in place to handle their personal information with care.

This article will discuss the PDPA and third-party requirements while showing examples of the necessary clauses that your Privacy Policy should have. By the end you’ll know why you need one and have a start on creating your own.

Mandatory Under the PDPA

Sections 11 and 12 of the Personal Data Protection Act (PDPA) form the Accountability obligation under the PDPA. They require every organization to develop and implement policies for data protection, and to make available to the public the Business Contact Information (BCI) of the Data Protection Officer (DPO) or any designated individuals who ensure the Organization’s PDPA compliance.

Privacy Policies Are Required by Third-party Services

Example of Apple App Store Privacy Policy requirements

What to Include in a Privacy Policy

There is no standardized format, but it is logical to cover the 9 obligations of the PDPA. A recommended list of items to include is as follows:

  1 – Introduction
  2 – How Personal Data is Collected
  3 – Types of Personal Data Collected
  4 – How Personal Data is Used
  5 – Parties that Personal Data are Disclosed to
  6 – Management of the Collection, Usage and Disclosure of Personal Data
  7 – Ensuring Accuracy of Personal Data
  8 – Protection of Personal Data
  9 – Retention of Personal Data
10 – Access and Correction Methods to Personal Data
11 – Transference of Personal Data Overseas
12 – Data Protection Officer Contact Information
13 – Last Updated On

You Don't Need to Start from Scratch

We don’t recommend grabbing the Privacy Policy from another website online, as every business has different data collection and handling processes. Furthermore, you will need basic knowledge of how to edit the Privacy Policy content to fit your business.

The good news for SMEs is that the Personal Data Protection Committee (PDPC) has made available a FREE Data Protection Notice Generator tool that you can use to create your base template by simply answering a series of questions.

FREE Privacy Policy Compliance Review

If you find the above information too complicated, fret not! Privacy Ninja is performing a complimentary Privacy Policy review for companies for a limited time only.

All you need to do is contact us and ask for it!

