
Privacy Ninja

4 Easy Steps To Create Privacy Management Plan For Business


A privacy management plan is a document that sets out specific, measurable goals and targets for how you will implement the four steps outlined in the Framework. This template is designed to help you develop a privacy management plan for your entity. Which commitments you implement within each step, and who performs them, will depend upon your particular circumstances, including your entity’s size, resources and business model.

You may be able to adapt this template to include specific details around how you intend to implement each commitment. Alternatively, it could be appropriate to specify these details in a separate project plan, depending on the size and scale of the relevant commitment.


Step 1 — Embed: a culture of privacy that enables compliance

Creating a culture of privacy compliance within your organisation encourages team members to take responsibility for the business’s privacy obligations. This includes:

  • implementing a privacy management plan that aligns with your business’s privacy obligations and processes;
  • training your team about the importance of privacy and ensuring senior management is informed of any developments to the law; and
  • assigning responsibility to team members so that it’s clear who is accountable for privacy, such as appointing a privacy officer. 

| Action | Person responsible | Due | Status |
| --- | --- | --- | --- |
| Adopt a ‘privacy by design’ approach | | | |
| Assign key roles and responsibilities for privacy management | | | |
| Assign staff responsibility for managing privacy | | | |
| Create reporting mechanisms that ensure senior management are routinely informed about privacy issues | | | |
| Ensure staff understand their privacy obligations and the roles | | | |

Step 2 — Establish: robust and effective privacy practices, procedures and systems

Your business must implement procedures and practices for dealing with private information, including:

  • a privacy policy, which should tell website visitors what personal information you collect and how you use it;
  • collection and handling of customer and employee data that complies; and
  • a data breach response plan, so that you have a strategy in place if a breach occurs.

| Action | Person responsible | Due | Status |
| --- | --- | --- | --- |
| Keep information about your business’s personal information holdings (including the type of information you hold and where it is held) up to date | | | |
| Develop and maintain processes around the handling of personal information prior to collection, while personal information is held and once it is no longer needed | | | |
| Integrate privacy into staff training and induction processes | | | |
| Develop and implement a clearly expressed and up to date privacy policy | | | |
| Implement risk management processes to identify, assess and manage privacy risks across the business | | | |
| Establish processes for receiving and responding to privacy inquiries and complaints | | | |
| Establish processes that allow individuals to promptly and easily access and correct their personal information | | | |
| Create a data breach response plan | | | |

Step 3 — Evaluate: your privacy practices, procedures and systems to ensure continued effectiveness

The plan should be subject to ongoing evaluation, involving:

  • a regular review of your privacy management plan to monitor compliance and relevance; and
  • feedback from customers and employees on your processes.

| Action | Person responsible | Due | Status |
| --- | --- | --- | --- |
| Regularly monitor and review privacy processes, policies and notices | | | |
| Document compliance with privacy obligations, including keeping records on privacy process reviews, breaches and complaints | | | |
| Measure your performance against this privacy management plan | | | |
| Create channels for staff and customers to provide feedback on privacy processes | | | |

Step 4 — Enhance: your response to privacy issues

Your business should seek to amend and improve its processes to increase privacy and data security, by:

  • continually updating your privacy management plan, privacy policy and processes to account for changes to the law or your business; and
  • accounting for the privacy implications of new technologies and software. 

| Action | Person responsible | Due | Status |
| --- | --- | --- | --- |
| Use the results of evaluations to make changes to practices, procedures and systems to improve privacy processes | | | |
| Have your privacy processes externally assessed/audited to identify areas for improvement | | | |
| Keep up to date with issues and developments in privacy law and changing legal obligations | | | |
| Monitor and address new security risks and threats | | | |
| Examine and address the privacy implications, risks and benefits of new technologies. Consider implementing privacy enhancing technologies that allow you to minimise and better manage the personal information you handle | | | |
| Introduce initiatives that promote good privacy standards in your business practices | | | |
| Participate in Privacy Awareness Week and other privacy events | | | |

What to Include in Your Privacy Management Plan

Your plan should outline the measures that your business will put in place to comply. In other words, it should include your goals to avoid a data breach and build a culture of privacy compliance within your organisation.

Depending on the size and nature of your business, your plan may include: 

  • your commitment to transparently manage personal information;
  • the contact information of the person responsible for your business’s privacy processes;
  • your internal processes for educating your team about recent privacy developments;
  • the actions your business will take if there is a data breach; 
  • mechanisms that allow for feedback from both your clients and your team; and
  • your plans to continually monitor potential security threats. 

Although your business is not legally required to have a plan, having one is best practice, as it encourages customers’ and employees’ confidence in your processes. It published a template privacy management plan, which you can adapt to your business. This includes the four essential steps of a plan:

  • embed;
  • establish;
  • evaluate; and
  • enhance. 
