A Privacy Policy is not only the legally required document to disclose your practices on protecting personal information, but it also allows you to show both your internal and external stakeholders, customers and regulators that you can be trusted, and that you have procedures in place to handle their personal information with care.
This article will discuss the PDPA and third-party requirements while showing examples of the necessary clauses that your Privacy Policy should have. By the end you’ll know why you need one and have a start on creating your own.
Sections 11 and 12 of the Personal Data Protection Act (PDPA) form the Accountability obligation under the PDPA. Requirements include every organization needing to develop and implement policies for data protection, and making available to the public the Business Contact Information (BCI) of the Data Protection Officer (DPO)/any designated individuals ensuring the Organization’s PDPA compliance.
There is no standardized format, but it is logical to cover the 9 obligations of the PDPA. A recommended list of items to be included are as follows:
1 – Introduction
2 – How Personal Data is Collected
3 – Types of Personal Data Collected
4 – How Personal Data is Used
5 – Parties that Personal Data are Disclosed to
6 – Management of the Collection, Usage and Disclosure of Personal Data
7 – Ensuring Accuracy of Personal Data
8 – Protection of Personal Data
9 – Retention of Personal Data
10 – Access and Correction Methods to Personal Data
11 – Transference of Personal Data Overseas
12 – Data Protection Officer Contact Information
13 – Last Updated On
We don’t recommend grabbing the Privacy Policy from another website online, as every business has different data collection and handling processes. Furthermore you will need to have basic knowledge on how to edit the Privacy Policy content to fit your business.
A good news for SMEs is that the Personal Data Protection Committee (PDPC) has made available a FREE Data Protection Notice Generator tool that you can use to create your base template by simply answering a series of questions.
If you find the above information too complicated, fret not! Privacy Ninja is performing a complimentary Privacy Policy review for companies for a limited time only.
All you need to do is contact us and ask for it!
Established in 2018, Privacy Ninja is a Singapore-based IT security company specialising in data protection and cybersecurity solutions for businesses. We offer services like vulnerability assessments, penetration testing, and outsourced Data Protection Officer support, helping organisations comply with regulations and safeguard their data.
Singapore
7 Temasek Boulevard,
#12-07, Suntec Tower One,
Singapore 038987
