DATA ASSURANCE TO COMPLY WITH PDPA SINGAPORE

Personal Data Protection Act 2012 (PDPA) Singapore

The Singapore Personal Data Protection Act 2012 (PDPA) is a law that governs the collection, use and disclosure of personal data by all private organisations. The Act came into full effect on 2nd July 2014.

Organisations that collect, use and disclose personal data are required to develop and implement policies and practices that are necessary for the organisation to comply with the Personal Data Protection Act 2012 (PDPA).

This will help organisations to develop or improve their personal data protection policies and practices through the implementation of a Data Protection Management Programme (DPMP).

Organisations should enhance their personal data protection policies and practices to suit their organisational needs.

Why Comply With the PDPA Singapore?

  • Organisations should develop and communicate a personal data protection policy for both their internal stakeholders (e.g. staff) and external parties (e.g. customers). This will provide clarity to internal stakeholders on the responsibilities and processes for handling personal data in their day-to-day work.
  • DPMP is a systematic framework to help organisations establish a robust data protection infrastructure. Having an established DPMP helps an organisation to demonstrate accountability in data protection.
  • It covers management policies and processes for handling personal data, and defines the roles and responsibilities of the people in the organisation in relation to personal data protection.
  • This provides confidence to stakeholders and fosters high-trust relationships with customers and business partners.
  • Organisations which fail to comply with PDPA may be fined up to $1 million and suffer reputation damage.

PDPA SINGAPORE PRINCIPLES

Purpose Limitation

Only use or disclose personal data for the purposes defined.

Notification

Inform the individuals on the purposes for collection, use and disclosure of their personal data during collection.

Consent

Ensure that consent has been obtained from the individuals before collecting, using or disclosing the personal data.

Access and Correction

Upon request, provide the personal data of the individual and information on how the individual’s personal data has been used or disclosed in the past year. Correct an individual’s personal data upon request.

Accuracy

Ensure that personal data is accurate and complete during collection or when making a decision which will affect the individual.

Protection

Keep personal data in your possession secure from unauthorized access, modification, disclosure, use or copying, whether in hardcopy or electronic form.

Retention Limitation

Retain personal data only for business/legal purposes and securely destroy personal data when no longer needed.

Transfer Limitation

Ensure overseas external organisations provide a standard of protection comparable to the protection under the Singapore PDPA.

Openness

Designate a Data Protection Officer and publish his/her business contact information. Make personal data protection policies and practices, including the complaint process, available to the public and employees.

Do-Not-Call (DNC)

Do not send marketing messages to individuals who have registered in the National DNC registry through voice, text messages or fax unless you have obtained their clear and unambiguous consent or have an on-going relationship (for text / fax).

PDPA SINGAPORE COMPLIANCE PLAN PROCESS

BUSINESS BENEFITS

Operationalize Regulatory Policies

Govern regulatory policies in a centralized location. Define and document policies and controls, governance processes, critical data elements, data categories, data subcategories, DQ dimensions and DQ rules.

Enhance Governance of Restricted Data

Map data to critical data elements so that restricted data is effectively validated through customized workflows and used for ongoing PDPA compliance as the law evolves.

Expedite Responses to Maintenance Issues

Manage governance stewardship to rectify erroneous data and quickly address issues with targeted maintenance alerts.

Reduce Compliance Risk by Monitoring Risk Reports

Track and analyze data risk effectively by monitoring the reports to mitigate business impact.

DATA INSIGHTS PLATFORM (DIP) SOLUTION FOR REGULATORY COMPLIANCE

Data Insights Platform (DIP) is a data governance framework tool designed specifically for regulatory compliance, with pre-configured content such as policies, controls, data categories, sub-categories, critical data elements, workflows, reports, dashboards, and more.

Data Insights Platform (DIP) offers a centralized location where you can document, govern and collaborate around privacy and security policies to ensure they are effectively managed across the enterprise. It also allows organizations to establish a data mapping system to record processing activities and perform data quality assessments.

Data Insights Platform (DIP) provides a sustainable approach to regulatory policies by managing compliance through risk evaluations and assessments, and then taking remediation actions as issues arise. Manage approvals, identify risk controls and tailor workflows to match specific business needs. Monitor compliance progress through easy-to-understand dashboards and reports that show the details of regulatory violations.

AMURTA’s Data Insights Platform is an enterprise-level solution that enhances productivity and performance by turning raw data into actionable insights. The platform puts people and processes in place to improve the automation of data governance and data management, delivering trusted data to business users, who can quickly chart out the reality of data, its lineage, and usage across policies, processes, projects, and regulation.

SPEAK TO OUR EXPERTS TODAY

If you have queries, we are ready to discuss how our Data Insights Platform can help you improve your organization's governance process.