The PDPA establishes a data protection law that comprises various rules governing the collection, use, disclosure and care of personal data.
It recognises both the rights of individuals to protect their personal data, including rights of access and correction,
and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.
The PDPA provides for the establishment of a national Do Not Call (DNC) Registry.
The DNC Registry allows individuals to register their Singapore telephone numbers to opt out of receiving marketing phone calls,
mobile text messages such as SMS or MMS, and faxes from organisations.
Under Section 12 of the Personal Data Protection Act, an organisation must
Under Section 11(3) of the Personal Data Protection Act, an organisation must appoint at least one Data Protection Officer to comply with the PDPA.
|Stage||Readiness Assessment||Identification and handling of risk||Generate policies and procedures||Help for DPO||Track progress|
|Objective||To identify the current level of compliance with respect to PDPA||To identify the potential feared events, threats and risks and provide recommendation||To generate a compliance manual to facilitate communication and training for the organization||To provide assistance to DPO to kick start the compliance program and provide on-going support||To establish monitoring program|
|Output||Answer the burning question”Is my organisation complying with PDPA correctly and completely?||Risk Assessment ReportRecommendation report||Compliance manual||DPO training workshopIntroduction to PDPA for the organisation“Implementation day” workshop||PDPA annual auditPrivacy Impact Assessment|
Our next training session is on 30 September 2014. Please click here to register.
The workshop is for staff with limited knowledge on the Personal Data Protection Act.
There is no session for this workshop at this moment.
Need help to comply with your business? Select the guides below according to your industry.
We have prepared these toolkits so that Company can use them to implement their Data Protection Policy.