Data Privacy Flashcards
What is consent obligation?
Only collect, use, or disclose personal data for purposes for which an individual has given their consent.
Allow the individual to withdraw consent, with reasonable notice, and inform him/her of the likely consequences of withdrawal. Once consent is withdrawn, make sure that you cease to collect, use or disclose the individual’s personal data.
What is notification obligation?
Notify individuals of the purposes for which your organisation is intending to collect, use or disclose their personal data on or before such collection, use or disclosure of personal data.
What is access and correction obligation?
Upon request, the personal data of an individual and information about the ways in which his or her personal data has been or may have been used or disclosed within a year before the request should be provided. Organisations are also required to correct any error or omission in an individual’s personal data that is raised by the individual.
What is accuracy obligation?
Make reasonable effort to ensure that the personal data collected is accurate and complete, especially if it is likely to be used to make a decision that affects the individual or to be disclosed to another organisation.
What is protection obligation?
Make reasonable security arrangements to protect the personal data that your organisation possesses or controls to prevent unauthorised access, collection, use, disclosure, or similar risks.
What is retention limitation obligation?
Cease retention of personal data or remove the means by which the personal data can be associated with particular individuals when it is no longer necessary for any business or legal purposes.
What is transfer limitation obligation?
Transfer personal data to another country only according to the requirements prescribed under the regulations, to ensure that the standard of protection is comparable to the protection under the PDPA, unless exempted by the PDPC.
What is data breach notification obligation?
In the event of a data breach, organisations must take steps to assess whether it is notifiable. If the data breach is likely to result in significant harm to individuals and/or is of significant scale, organisations are required to notify the PDPC and the affected individuals as soon as practicable.
What is purpose limitation obligation?
Only collect, use or disclose personal data for the purposes that a reasonable person would consider appropriate under the given circumstances and for which the individual has given consent.
An organisation may not, as a condition of providing a product or service, require the individual to consent to the collection, use or disclosure of his or her personal data beyond what is reasonable to provide that product or service.
What is accountability obligation?
Undertake measures to ensure that organisations meet their obligations under the PDPA such as making information about your data protection policies, practices and complaints process available upon request and designating a data protection officer (DPO) and making the business contact information available to the public.
What is data portability obligation?
At the request of the individual, organisations are required to transmit the individual’s data that is in the organisation’s possession or under its control, to another organisation in a commonly used machine-readable format.
What are the PDPA obligations?
CAPP:
Consent obligation
Access Correction obligation
Protection obligation
Purpose limitation obligation
RATED:
Retention Limitation obligation
Accuracy obligation
Transfer limitation obligation
E (Accountability -> Enforcement) obligation
Data breach notification / Notification obligation