PERSONAL DATA PROTECTION ACT (PDPA)

Course details

Module 1:Personal Data Protection Challenges At the Workplace
Introducing PDPA 2010
Ten Challenges for PDPA in the Digital Economy
Personal Data as a Commodity
Personal Data and IoT
Personal Data and Cloud computing
Module 2:Transparency of Data Handling and the Right To Be Forgotten
Primary duties of Data User under Section 7 PDPA 2010
Data User subject to Audit and Inspection
Guidelines on understanding Purpose under Section 6 PDPA 2010.
Recognise when, and for what purpose staff / customer data may be used
Due Diligence and role of Data User
Statutory duties of Data User under PDPA 2010

Module 3: Issues and Implications of the Principle  
Disclosure Principle and guidelines on when you can refuse to disclose or partially disclose;
Guidelines and understanding the Retention Principle and how it relates to Employees and former employees;
Guidelines and understanding the Data Integrity Principle
Access Principle and guidelines on how and when to grant excess to access requests.

A discussion on how the principles will be used in the compliance system of the company.

Module 4: Security Guidance and Privacy Impact Assessment

This module looks at what constitutes a Personal data security breach and how such breaches can occur. It also considers how to avoid breaches, and the practical steps that should be taken when a breach occurs.

Key aspects of this module include:
Analysis of the Security Principle under Section 9 PDPA
Data Security Standard -Implementation
Assessing Risks and Impact
Taking a holistic approach to data security – staff vetting and access and other important organisational  measures that should be implemented

Module 5: Criminal Offences and Liabilities under the PDPA 2010
Punishment for contravention of the Act
Offences by body corporate
Contravention of the personal data protection principles
Processing of sensitive personal data in contravention to Section 40
Unlawful collection or disclosure of personal data
Personal Data Protection (Compounding of Offences) Regulations 2016

Day 2 – Implementing Compliance under the  Standards 2015 & PDPA 2010 [Mandatory] @ the workplace & Latest Updates 2019

Module 6: A Risk Based PDPA Compliance
Data Illegality
Data Irregularity
Untenable Data Support
Data Leak and Abuse
CASE STUDIES ON BREACH

Compliance for Section 6
Samples on Purposes for Section 6 and Guideline on how to draft the Purpose clause in documents
Effect of Personal Data Protections Regulations 2013
Drafting consent clause for marketing of products
Sample clauses for withdrawal of consent
Drafting caution into letters.

Compliance for Section 7
Discussion on Drafting the Consent Notice for various categories of Business sectors
Discussion on Drafting Consent Notice for Application forms/ Interview forms/ Confidentiality clauses on consent
Drafting the Notice and understanding how to draft the purpose clause in the Notice
Guidelines on different categories of Notices

Module 7: Compliance for The Personal Data Protection Standards 2015 [Mandatory]
The Data Security Standard distinguishes between conventional and electronic data management and prescribes various security measures in relation to each.
Data Retention Standard focuses
Data Storage Standards
Data Integrity Standard
Data Security Standard

Module 8: Data Governance Strategies
Building awareness for all staff
Organisational and Operational measures
Benchmarking goals/objectives
Documentation and Audit
Implementation

Module 9: Updates 2019 – Proposed law to be introduced Data Breach Notification
Details of the Data Breach
Containment or Control measures
Containing the Breach – Steps to take
Notification procedure
Format provided for DBN
   Updated on 11 May, 2020