fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Advisory Guidelines on Key Concepts in the PDPA: 23 Chapters

Advisory Guidelines on Key Concepts in the PDPA: 23 Chapters

advisory guidelines on key concepts in the pdpa
These advisory guidelines on key concepts in the PDPA are crucial in bolstering the general understanding of the PDPA of both organisations and individuals

By now, Singaporeans must already be aware that the Personal Data Protection Act of 2012 is Singapore’s legislative response to the pre-existing patchwork of laws. The latter includes common law, sector-specific legislation and various self-regulatory or co-regulatory codes.

It is to be noted that while the PDPA applies to all organisations in respect of the personal data they collect, use, and or disclose, the following categories of organisations are not bound by the PDPA:

  • individuals acting in a personal or domestic scope;
  • employees acting in the duration of their employment with an organisation;
  • public agencies or organisations acting on behalf of a public agency in relation to the collection, use or disclosure of personal data; or
  • any other organisation or personal data, or classes of organisations or personal data as may be defined by the pertinent legislation.

Also Read: 6 Simple Guides on PDPA Clause For Agreements of Personal Data

Advisory Guidelines on Key Concepts in the PDPA

Chapters 1-9

The first 9 chapters of the written guidelines cover the introduction and overview as well as the important terms used in the PDPA. In these beginning chapters, we get a clear definition, among others, of how personal data is identified, what collective data is, and what happens to personal data of deceased individuals.

These chapters also touch on excluded organisations as mentioned earlier in this article.

Chapter 10

This chapter of the advisory guidelines on key concepts in the PDPA delves into the overview of the data protection provisions. It spells out nine main obligations which organisations are enforced to comply with if they undertake activities relating to the collection, use or disclosure of personal data.

These nine main obligations are:

  1. The Consent Obligation
  2. The Purpose Limitation Obligation
  3. The Notification Obligation
  4. The Access and Correction Obligations
  5. The Accuracy Obligation
  6. The Protection Obligation
  7. The Retention Limitation Obligation
  8. The Transfer Limitation Obligation
  9. The Accountability Obligation

Chapter 11-12

Chapter 11 deals with applicability to inbound data transfers. Under this provision, organisations carrying out activities involving personal data in Singapore must adhere to the country’s existing guidelines. Several examples are also fleshed out in this chapter to paint different scenarios of how the PDPA provisions will be applied.

In Chapter 12, we dive into the consent obligation, wherein it states that organisations are mandated to obtain consent from individuals before collecting, using, or disclosing their personal data.

Chapter 13-14

Whereas there are guidelines on where and to whom the PDPA is applied, chapter 13 touches on the purpose limitation obligation. In essence, it states that an organisation may collect, use or disclose personal data about an individual only for purposes:

  • that a reasonable person would consider appropriate in the circumstances; and
  • where applicable, that the individual has been informed of by the organisation

The 14th chapter of the advisory guidelines on key concepts in the PDPA talks about the duty of organisations to inform the individuals of the purposes for which their personal data will be collected, used and disclosed in order to get their consent.

advisory guidelines on key concepts in the pdpa

Chapter 15-16

The 15th and 16th chapters of the advisory guidelines on key concepts in the PDPA discuss the access and correction obligations as well as the accuracy obligation.

In a nutshell, individuals have the right to request for access to their personal data and for correction of their personal data that is in the possession or under the control of the organisation.

As for the accuracy obligation, the PDPA requires an organisation to make a fair effort to make sure that personal data collected is accurate and complete under certain provisions.

Chapter 17-18

Chapter 17 of the advisory guidelines on key concepts in the PDPA walks us through the protection obligation, where it states that an organisation is required by the PDPA to make reasonable security arrangements to protect personal data in its possession. This is to ensure that they can prevent unauthorised access of data, as well as illegal collection, use, disclosure, copying, and modification of such data, among others.

In chapter 18, the retention limitation obligation is discussed, where it fleshes out when an organisation should cease to retain its documents containing personal data, or remove the means by which the personal data can be associated with specific individuals.

Chapter 19-20

Under the provision discussed in chapter 19, an organisation must not transfer any personal data to a country or territory outside Singapore except in accordance with requirements defined under the PDPA.

Chapter 20 talks about the concept of accountability among organisations in the context of how it discharges its responsibility for the personal data it has collected.

Chapter 21-23

The final chapters of the advisory guidelines on key concepts in the PDPA tackle other rights, obligations, and uses. It bookends the whole document by discussing other minor provisions not yet covered in the previous chapters.

Also Read: PDPA For Companies: Compliance Guide For Singapore Business

To reiterate, organisations must adhere to these advisory guidelines on key concepts in the PDPA. This is to make sure they do not violate the data privacy of anyone, and that they uphold their credibility as a responsible organisation.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us