The Personal Data Protection Act challenge in Singapore
-
Upload
jean-luc-creppy -
Category
Business
-
view
570 -
download
1
description
Transcript of The Personal Data Protection Act challenge in Singapore
PERSONAL DATA
PROTECTION ACT
OPPORTUNITY FOR INTERNAL ALIGNMENT
EPC Partners Pte Ltd. ©2013
A new act
YOUR OBLIGATION
• Consent You organization must seek the consent of customers before collecting and storing their data, and inform the customer about the purpose of the data collection.
• Protection you shall protect personal data in its possession or under your control by making reasonable security arrangements to prevent unauthor ized access, col lect ion, use, disclosure, copying, modification, disposal or similar risks.
• Data Transfer Outside Sg Restricted You also have to ensure a comparable standard of protection for personal data if they’re transferring it outside Singapore.
• Transitional Arrangements Your organization has been given 18 months from implementation in January 2013 to comply with the rules.
• Marketing Messages Restricted Use of personal data to contact a person registered under the “Do Not Call Registry”. Marketing message should content clearly identify the sender with contact information.
THE PENALTIES
§ SG$ 1 Million fine Companies found in violation of the rules can be fined up to S$1 million (US$820,000) for every data protection offense.
§ SG$1,000 for every day or part thereof during which the offence continues after conviction.
¡ SG$100,000 if An organization or person obstructs the in the performance of their duties or powers under this Act; or makes a false statement to the Commission, or knowingly attempts to mislead the Commission,
¡ SG$ 10,000 Up to S$10,000 (US$8200) per customer complaint.
What this new act in Singapore means to your Organization?
EPC Partners Pte Ltd. ©2013
Impact on your organization Many aspects of your business might have to be revisited
Update procedure Train resources Update Materials
Update procedure Train resources Update Materials
Update procedures Update systems
Prepare Communication Strategy to handle claims
Train New Resources Update data handling procedure
Update HR system
Update procedures Update systems Update contracts Train resources
Update procedures Update Policies
Update Contracts Update Policies
EPC Partners Pte Ltd. ©2013
A Recommended approach Perform strategic changes to align every areas of your organization before the deadline
1. Assessment status of Personal Data Protection.
3. Prioritize necessary changes with KPI.
6. Train internal Resources.
1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6
2. Gap Analysis 4. Implementation of changes.
5. Re-Asssess Personal Data Protection Readiness.
7. Plan for Personal Data Protection Audit.
Start (01-2013) End (06-2014)
EPC Partners Pte Ltd. ©2013
“The best time to plant a tree is twenty years ago. The second best time is now” __ Chinese Proverb
EPC Partners Pte Ltd. ©2013
¡ Provide Road Map to Compliance
¡ Assessment on Personal Data Protection
¡ Perform Gap Analysis against PDPA
¡ Support Business Case and Change Request
¡ Provide Recommendations for changes & KPI
¡ Confirm your Personal Data Lifecycle
¡ Confirm your Data Security Lifecycle
¡ Design Self-Assessment for PDP
About Our Organization Support and lead your change initiatives
6
Your Success is Our Reward
EPC Partners Pte Ltd. ©2013
EPC Partners Pte Ltd. Singapore
+65 8622 0345
www.epc-partners.net
http://www.linkedin.com/groups/
Singapore-PDPA-Alignment-5009055