PDPA Meaning: Know Its Big Advantages In Businesses
Objectives of the Personal Data Protection Act
Today, vast amounts of personal data are collected, used and even transferred to third party organisations for a variety of reasons. This trend is expected to grow exponentially as the processing and analysis of large amounts of personal data becomes possible with increasingly sophisticated technology.
With such a trend comes growing concerns from individuals about how their personal data is being used. Hence, a data protection regime to govern the collection, use and disclosure of personal data is necessary to address these concerns and to maintain individuals’ trust in organisations that manage data.
By regulating the flow of personal data among organisations, the PDPA meaning also aims to strengthen and entrench Singapore’s competitiveness and position as a trusted, world-class hub for businesses.
How does the Personal Data Protection Act work?
The PDPA meaning will ensure a baseline standard of protection for personal data across the economy by complementing sector-specific legislative and regulatory frameworks. This means that organisations will have to comply with the PDPA meaning as well as the common law and other relevant laws that are applied to the specific industry that they belong to, when handling personal data in their possession.
The PDPA meaning takes into account the following concepts:
- Consent – Organisations may collect, use or disclose personal data only with the individual’s knowledge and consent (with some exceptions);
- Purpose – Organisations may collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure; and
- Reasonableness – Organisations may collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances.
Singapore Personal Data Protection Act 2012 (PDPA) is a law that governs the collection, use and disclosure of personal data by all private organisations. The Act has come into full effect on 2nd July 2014. Organisations which fail to comply with PDPA meaning may be fined up to $1 million and suffer reputation damage.
Only use or disclose personal data for the purposes defined.
Inform the individuals on the purposes for collection, use and disclosure of their personal data during collection.
Ensure that the consent has been obtained from the individuals before collecting, using or disclosure of the personal data.
Access and Correction
Upon request, provide the personal data of the individual and information on how the individual’s personal data has been used or disclosed in the past year. Correct an individual’s personal data upon request.
Ensure that personal data is accurate and complete during collection or when making a decision which will affect the individual.
Keep personal data in your possession secure from unauthorised access, modification, disclosure, use, copying, whether in hardcopy or electronic form.
Retain personal data only for business/legal purposes and securely destroy personal data when no longer needed.
Ensure overseas external organisations provide a standard of protection comparable to the protection under the Singapore PDPA meaning
Designate a Data Protection Officer and publish his/her business contact information. Make available personal data protection policies and practices to public and employees, including complaint process.
Do not send marketing messages to individuals who have registered in the National DNC registry through voice, text messages, or fax unless you have obtained their clear and unambiguous consent or have an on-going relationship (for text/fax).
How do you comply?
- Designate a Data Protection officer (DPO)
- Map organisation’s Personal Data Inventory, implement personal data protection policy
- Communicate to employees on the personal data protection policies
- Incorporate data protection as part of BAU
- Establish regular compliance program to verify adherence to PDPA meaning requirements
What are the consequences of breaching the PDPA?
According to a news report in July this year, the Persona Data Protection Commission has taken enforcement action against 300 organisations to date with most of them receiving an advisory notice. But over 30 of them were serious cases, however, with organisations fined or rapped for lax security.
A notable case is the September 2014 leak of the personal data of 317,000 customers of karaoke bar chain K Box, for which the firm was later fined $50,000 for lax security measures.