Chapter 4 Flashcards
what is the PDPA
–> Is Singapore’s data privacy regulation
–> Governs the collection, use, disclosure and care of personal data
–> Regulates telemarketing practices through the Do Not Call registry
why do we need PDPA
–> Is designed to encourage business innovation, while also guaranteeing personal data protection
–> Aims to strengthen Singapore’s position as a trusted hub for businesses
who does the PDPA apply to
–> Recognizes the right of individuals to protect their personal data
–> Recognizes the need for organisations to collect, use or disclose personal data for legitimate and reasonable purposes
–> Does not apply to the public sector, which has separate rules under the government
where is the PDPA applicable
Has extraterritorial effect.
–> It is applicable to organizations collecting, using or disclosing personal data in Singapore, regardless of the organization’s physical presence or where it was incorporated
what is the cost of failing to comply with the PDPA
–> 10% of an organization’s annual turnover in Singapore, or SGD 1 million, whichever is greater
–> Reputation damage
how many PDPA obligations are there
11
what are the 11 PDPA obligations
Accountability
Notification
Consent
Purpose limitation
Accuracy
Protection
Retention limitation
Transfer limitation
Access and correction
Data breach notification
Data portability
what does accountability mean
Accountability helps organisations to strengthen trust and enhance competitiveness.
Organisations must take responsibility for the personal data under their possession or control:
* Appoint a data protection officer
* Develop data protection policies
* Foster a data protection awareness and culture
* Implement measures to meet PDPA obligations
what are the PDPA obligations under the collection of personal data category
notification
consent
purpose limitation
what does notification mean?
Notify individuals of the purposes for which the organisation is intending to collect, use or disclose their personal data
Important considerations for Notification include:
* Content of the notification
* Format of the notification
* When to notify
what does consent mean?
Personal data may be collected, used or disclosed only after consent has been given by the individual
Important considerations for obtaining Consent include:
* Consent cannot be accepted unless the individual has been notified of the purposes
* Allow the individual to withdraw consent
* Consent can be obtained in writing or verbally
what does purpose limitation mean?
Personal data may be collected, used or disclosed ONLY for the purposes that are reasonable to provide the organisation’s product or service
Important considerations for Purpose Limitation include:
* Collect, use and disclose personal data that is relevant for the purposes
* Ensure the purposes are reasonable for the product or service provided
what are the 4 obligations under the care for personal data category
accuracy
protection
retention limitation
transfer limitation
what does accuracy mean?
Organizations should ensure that the personal data collected is accurate and complete
Important considerations for Accuracy include:
* Reliability of the data
* Currency of the data
* Impact of the data
what does protection mean?
Organizations should put in place the required security measures to protect personal data and prevent unauthorized access
Important considerations for Protection include:
* Well-trained personnel responsible for ensuring information security
* Robust information security policies and procedures
* Breach response preparedness