fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

The Importance Of Knowing Personal Data Protection Regulations

Personal data protection regulations
 A request to an organization must be made in writing and shall include sufficient detail to enable the organization, with a reasonable effort, to identify.

The Importance Of Knowing Personal Data Protection Regulations

These Regulations may be cited as the Personal Data Protection Regulations 2014.

Requests For Access To And Correction Of Personal Data

In this Part, unless the context otherwise requires “applicant” means an individual who makes a request; “data protection officer”, in relation to an organisation, means an individual designated by the organisation under section 11(3) of the Act or an individual to whom the responsibility of the data protection officer has been delegated under section 11(4) of the Act; “individual’s personal data” means personal data protection regulations about the individual; “request” means a request to an organisation made under section 21(1) or 22(1) of the Act; “use and disclosure information” means the information specified in section 21(1)(b) of the Act.

How to make request

(1)  A request to an organisation must be made in writing and shall include sufficient detail to enable the organisation, with a reasonable effort, to identify :

(a) the applicant making the request;

(b) in relation to a request under section 21(1) of the Act, the personal data protection regulations and use and disclosure information requested by the applicant; and

(c) in relation to a request under section 22 of the Act, the correction requested by the applicant.

(2)  A request must be sent to the organisation:

(a) in accordance with section 48A of the Interpretation Act (Cap. 1);

(b) by sending it to the organisation’s data protection officer in accordance with the business contact information provided under section 11(5) of the Act; or

(c) in such other manner as is acceptable to the organisation.

Duty to respond to request under section 21(1) of Act

(1)  Subject to section 21(2), (3) and (4) of the Act and personal data protection regulations 6 and 7(3), an organisation must respond to each request to it under section 21(1) of the Act as accurately and completely as necessary and reasonably possible.

(2) The organisation must provide an applicant access to the applicant’s personal data protection regulations requested under section 21(1) of the Act:

(a) by providing the applicant a copy of the personal data protection regulations and use and disclosure information in documentary form;

(b) if sub-paragraph (a) is impracticable in any particular case, by allowing the applicant a reasonable opportunity to examine the personal data protection regulations and use and disclosure information; or

(c) in such other form requested by the applicant as is acceptable to the organisation.

The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier.

Notification of timeframe for response

Subject to the requirement to comply with section 21(1) of the Act as soon as reasonably possible or section 22(2) of the Act as soon as practicable, if the organisation is unable to comply with that requirement within 30 days after receiving a request made in accordance with personal data protection regulations 3, the organisation must within that time inform the applicant in writing of the time by which it will respond to the request.

Also read: Privacy policy template important tips for your business

Refusal to confirm or deny existence, use or disclosure of personal data

Subject to section 21(4) of the Act, an organisation, in a response to a request to it under section 21(1) of the Act, may refuse to confirm or may deny:

(a) the existence of personal data referred to in paragraph 1(h) of the Fifth Schedule to the Act; or

(b) the use of personal data protection regulations without consent under paragraph 1(e) of the Third Schedule to the Act or the disclosure of personal data without consent under paragraph 1(f) of the Fourth Schedule to the Act, for any investigation or proceedings, if the investigation or proceedings and related appeals have not been completed.

Personal data is the entryway to the application of the General Data Protection Regulation (GDPR). 

Fees

(1)  Subject to section 28 of the Act, an organisation may charge an applicant who makes a request to it under section 21(1) of the Act a reasonable fee for services provided to the applicant to enable the organisation to respond to the applicant’s request.

(2)  An organisation must not charge a fee to respond to the applicant’s request under section 21(1) of the Act unless the organisation has:

(a) provided the applicant with a written estimate of the fee; and

(b) if the organisation wishes to charge a fee that is higher than the written estimate provided under sub-paragraph (a), notified the applicant in writing of the higher fee.

(3)  An organisation does not have to respond to an applicant’s request under section 21(1) of the Act unless the applicant agrees to pay the following fee:

(a) where the organisation has notified the applicant of a higher fee under paragraph (2)(b)

(i) if the Commission has reviewed the higher fee under section 28(1) of the Act, the fee allowed by the Commission under section 28(2) of the Act; or

(ii) if sub-paragraph (i) does not apply, the higher fee notified under paragraph (2)(b); or

(b) where sub-paragraph (a) does not apply and the organisation has provided the applicant with an estimated fee under paragraph (2)(a)

(i) if the Commission has reviewed the estimated fee under section 28(1) of the Act, the fee allowed by the Commission under section 28(2) of the Act; or

(ii) if sub-paragraph (i) does not apply, the estimated fee provided under paragraph (2)(a).

 For the avoidance of doubt, an organisation shall not charge the applicant any fee to comply with its obligations under section 22(2) of the Act.

Also read: 12 brief explanation about the benefits of data protection for business success

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us