DATA ASSURANCE TO COMPLY WITH PDPA
Personal Data Protection Act 2012 (PDPA)
The Personal Data Protection Act 2012 (PDPA) is a law that governs the collection, use and disclosure of personal data by all private organisations. The Act came into full effect on 2nd July 2014.
Organisations that collect, use and disclose personal data are required to develop and implement policies and practices that are necessary for the organisation to comply with the Personal Data Protection Act 2012 (PDPA).
Implementing a Data Protection Management Programme (DPMP) helps organisations develop or improve their personal data protection policies and practices.
A Data Protection Officer (DPO) is to be appointed within the organisation to oversee data protection responsibilities and ensure compliance with the PDPA.
Organisations should enhance their personal data protection policies and practices to suit their organisational needs.
Why Comply With the PDPA?
- Organisations should develop and communicate a personal data protection policy for both their internal stakeholders (e.g. staff) and external parties (e.g. customers). This will provide clarity to internal stakeholders on the responsibilities and processes for handling personal data in their day-to-day work.
- DPMP is a systematic framework to help organisations establish a robust data protection infrastructure. Having an established DPMP helps an organisation to demonstrate accountability in data protection.
- It covers management policies and processes for handling personal data, and defines the roles and responsibilities of the people in the organisation in relation to personal data protection.
- This provides confidence to stakeholders and fosters high-trust relationships with customers and business partners.
- Organisations that fail to comply with the PDPA may be fined up to $1 million and suffer reputational damage.
PDPA PRINCIPLES
Purpose Limitation
Only use or disclose personal data for the purposes defined.
Notification
Inform individuals of the purposes for the collection, use and disclosure of their personal data at the time of collection.
Consent
Ensure that consent has been obtained from individuals before collecting, using or disclosing their personal data.
Access and Correction
Upon request, provide the personal data of the individual and information on how the individual’s personal data has been used or disclosed in the past year. Correct an individual’s personal data upon request.
Accuracy
Ensure that personal data is accurate and complete during collection or when making a decision which will affect the individual.
Protection
Keep personal data in your possession secure from unauthorized access, modification, disclosure, use or copying, whether in hardcopy or electronic form.
Retention Limitation
Retain personal data only for business/legal purposes and securely destroy personal data when no longer needed.
Transfer Limitation
Ensure overseas external organisations provide a standard of protection comparable to the protection under the Singapore PDPA.
Openness
Designate a Data Protection Officer and publish his/her business contact information. Make personal data protection policies and practices, including the complaint process, available to the public and employees.
Do-Not-Call (DNC)
Do not send marketing messages to individuals who have registered in the National DNC registry through voice, text messages or fax unless you have obtained their clear and unambiguous consent or have an on-going relationship (for text / fax).
PDPA COMPLIANCE PLAN PROCESS
BUSINESS BENEFITS
Operationalize Regulatory Policies
Govern regulatory policies in a centralized location. Define and document policies & controls, Governance processes, Critical Data Elements, Data Categories, Data Subcategories, DQ dimensions and DQ rules.
Enhance Governance of Restricted Data
Map data to critical data elements so that restricted data is effectively validated through customized workflows and used for ongoing PDPA compliance as the law evolves.
Expedite Responses to Maintenance Issues
Manage governance stewardship to rectify erroneous data and quickly address issues with targeted maintenance alerts.
Reduce Compliance Risk by Monitoring Risk Reports
Track and analyze data risk effectively by monitoring the reports to mitigate business impact.
DATA INSIGHTS PLATFORM (DIP) SOLUTION FOR REGULATORY COMPLIANCE
Data Insights Platform (DIP) is a Data Governance framework tool designed specifically for regulatory compliance, with pre-configured content like Policies, Controls, Data Categories, Sub-Categories, Critical Data Elements, workflows, reports, dashboards, and more.
Data Insights Platform (DIP) offers a centralized location where you can document, govern and collaborate around privacy and security policies to ensure they are effectively managed across the enterprise. It also allows organizations to establish a data mapping system to record processing activities and perform data quality assessments.
Data Insights Platform (DIP) provides a sustainable approach to regulatory policies by managing compliance through risk evaluations and assessments and then taking remediation actions as issues arise. Manage approvals, identify risk controls and tailor workflows to match specific business needs. Monitor compliance progress through easy-to-understand dashboards and reports that show the details of regulatory violations.
AMURTA’s Data Insights Platform is an enterprise-level solution that enhances productivity and performance by turning raw data into actionable insights. The platform puts people and processes in place to improve the automation of data governance and data management and deliver trusted data to business users, who can quickly chart out the reality of data, its lineage, and usage across policies, processes, projects, and regulations.
SPEAK TO OUR EXPERTS TODAY
If you have queries, we are ready to discuss how our Data Insights Platform can help you improve your organization's governance process.