pdpa data obligations Flashcards
1
Q
pdpa data obligations + their main usage
A
- notification (collection of data)
- consent (collection/storage of data)
- purpose limitation (use/disclosure of data)
- accuracy (use of data)
- protection (storage/management of data)
- retention limitation (storage of data)
- access & correction (use of data)
- data breach notification (storage of data)
2
Q
notification pdpa obligation + usage
A
- collection of data
- notify individuals on purposes for collecting, using & disclosing their personal data
- including a privacy policy/T&C page stating how user data will be used
3
Q
consent pdpa obligation + usage
A
- collection/storage of data
- collect/use/disclose personal data for purposes which individuals have given consent to & also allow them to withdraw their consent with reasonable notice
- get consent from users when collecting/storing their data
4
Q
purpose limitation pdpa obligation + usage
A
- use/disclosure of data
- collect/use/disclose personal data for purposes that a reasonable person would consider appropriate under the given circumstances & for which the individual has given consent
- set access permissions / implement accounting processes like an activity logging system to limit employees' access to user data
5
Q
accuracy pdpa obligation + usage
A
- use of data
- ensure that personal data collected is accurate & complete, especially if it is likely to be used to make a decision that affects the individual / to be disclosed to another organisation
- regularly send out emails prompting users to update their data if there are any changes to it
6
Q
protection pdpa obligation + usage
A
- storage & management of data
- make reasonable security arrangements to protect the personal data in your possession to prevent unauthorised access, collection, use, disclosure / similar risk
- install IDS/IPS/network security to guard against network intrusion, protecting personal data stored
7
Q
retention limitation pdpa obligation + usage
A
- storage of data
- stop keeping personal data / dispose of it properly when it is no longer needed for any business / legal purpose
- allow users to request data deletion / delete users' data upon de-registration (implemented via an accounting process like an activity logging system of customers' activity)
8
Q
access & correction pdpa obligation + usage
A
- use of data
- upon request, provide individuals with access to their personal data & info on how it was used/disclosed within a year & correct any error/omission upon request
- add a profile page that allows users to edit their particulars
9
Q
data breach notification pdpa obligation + usage
A
- storage of data
- if there is a data breach that is likely to result in significant harm to individuals &/or is of significant scale, notify PDPC & affected individuals as soon as practicable
- implement an accounting process like an activity logging system / IDS to detect data breaches & report them when necessary