As defined by the Personal Data Protection Commission, Personal Data refers to data regarding an individual who can be identified from that data or from that data and other information to which the Organization has or is likely to have access.
Under the Personal Data Protection Act (PDPA), the data that Organizations have access to is protected by fining them when a data breach occurs. The Organization usually pays a hefty fine as a consequence, which ranges up to 1,000,000 SGD.
The PDPA is the law imposed by the PDPC, and it provides a baseline standard of protection for personal data in Singapore. Furthermore, the PDPA complements the sector-specific legislative and regulatory frameworks, such as the Insurance Act and the Banking Act.
Over the years, the PDPA has been amended by the PDPC to make it more comprehensive and to cover the PDPC decisions and undertakings. The PDPC has now released new guidance on data protection practices to further cover such PDPC decisions and undertakings, which we will discuss shortly.
The new edition of the Guide to Data Protection Practices for ICT Systems comprises data protection practices from PDPC’s past advisory guidelines and guides. It also includes the lessons learned from PDPC decisions and undertakings, and it recommends both enhanced and basic practices for organizations to include in their ICT systems, processes, and policies.
The Checklists to Guard Against Common Types of Data Breaches were also based on PDPC decisions and undertakings regarding breaches, and identified the five (5) common gaps in ICT system management and processes that may result in a data breach.
Lastly, the PDPC also released two (2) Checklists to Guard Against Common Types of Data Breaches to assist organizations in putting policies in place and reviewing them together with technology controls and processes, to avoid any mistakes caused by negligence, which often results in a data breach.
For easy reference by the ICT team of Organizations, as well as its vendors, the new Guide on data protection practices for ICT systems has been grouped into three main sections, and it recommends the basic and enhanced ICT practices that Organizations can implement to support the data lifecycle in each stage:
The Handbook composed by the PDPC identifies the five common gaps in any Organization’s ICT system management and processes, based on PDPC decisions and undertakings:
The checklist for personal data protection practices complements the Handbook, and it aims to help Organizations:
The PDPC expects organizations that handle personal data to implement the relevant enhanced practices suggested in each section, especially those that handle large quantities of different types of personal data or data that might be more sensitive to the individuals or the organizations.