pdpa data obligations Flashcards

1
Q

pdpa data obligations + their main usage

A
  • notification (collection of data)
  • consent (collection/storage of data)
  • purpose limitation (use/disclosure of data)
  • accuracy (use of data)
  • protection (storage/management of data)
  • retention limitation (storage of data)
  • access & correction (use of data)
  • data breach notification (storage of data)
2
Q

notification pdpa obligation + usage

A
  • collection of data
  • notify individuals on purposes for collecting, using & disclosing their personal data
  • include a privacy policy/T&C page stating how user data will be used
3
Q

consent pdpa obligation + usage

A
  • collection/storage of data
  • collect/use/disclose personal data for purposes which individuals have given consent to & also allow them to withdraw their consent with reasonable notice
  • get consent from users when collecting/storing their data
4
Q

purpose limitation pdpa obligation + usage

A
  • use/disclosure of data
  • collect/use/disclose personal data for purposes that a reasonable person would consider appropriate under the given circumstances & for which the individual has given consent
  • set access permissions / implement accounting processes like an activity logging system to limit employees' access to user data
5
Q

accuracy pdpa obligation + usage

A
  • use of data
  • ensure that personal data collected is accurate & complete, esp. if it's likely to be used to make a decision that affects the individual / to be disclosed to another organisation
  • regularly send out emails prompting users to update their data if there are any changes to it
6
Q

protection pdpa obligation + usage

A
  • storage & management of data
  • make reasonable security arrangements to protect the personal data in your possession to prevent unauthorised access, collection, use, disclosure / similar risk
  • install IDS/IPS/network security to guard against network intrusion, protecting personal data stored
7
Q

retention limitation pdpa obligation + usage

A
  • storage of data
  • stop keeping personal data / dispose of it properly when it's no longer needed for any business / legal purpose
  • allow users to request data deletion / delete users' data upon de-registration (implemented via an accounting process like an activity logging system of customers' activity)
8
Q

access & correction pdpa obligation + usage

A
  • use of data
  • upon request, provide individuals with access to their personal data & info on how it was used/disclosed within a year & correct any error/omission upon request
  • add a profile page that allows users to edit their particulars
9
Q

data breach notification pdpa obligation + usage

A
  • storage of data
  • if there's a data breach that is likely to result in significant harm to individuals &/or is of significant scale, notify PDPC & affected individuals as soon as practicable
  • implement an accounting process like an activity logging system / IDS to detect data breaches & report them when necessary