Also Read: Key PDPA Amendments 2019/2020 You Should Know

The PDPA Singapore checklist under 4 classifications

The considerations that organisations should deal with can be broadly classified into four categories.

1. Collection, management, retention and disposal of personal data

1. Does your organisation guarantee that the personal data collected is relevant for the intention alone and not some other hidden agenda or purpose?
2. Are the people involved in this data collection made fully cognizant of the data collection purpose on or before the collection of their personal data?
3. Organisations must also see to it that collection of sensitive data is limited and needed only if relevant and should not be unnecessarily collected.
4. Is the consent sought and received by your organisation for the collection, use and disclosure of personal data?
5. Does your organisation also see to it that third party involved in data collection is clear on their PDPA duties as well as adhere to the strict provisions set by PDPA with regard to the handling and collection of personal data by third party?
6. Does your organisation guarantee proper use and disclosure of personal data collected?
7. Is your organisation knowledgeable in handling transfer of personal data and can it ensure that the transfer of data overseas is in compliance with PDPA?
8. Does your organisation know and comprehend the fulfillment of PDPA obligations with regard to working with 3rd party (such as an agent or a data intermediary) of the company managing the personal information data transfer?

2. Security, update, and maintenance of personal data

1. Does your organisation have proper security provisions in place to prevent illegal access, collection and use of its personal data in its safekeeping or under its management?
2. These security provisions must be developed on pertinent risk assessments, kind and sensitivity of personal data and chances and impact of illegal access, deletion or other use.
3. Organisations must see to it that these security provisions are constantly updated and shared with relevant stakeholders.
4. Organisations must also see to it that processes are in place for third parties to make fair arrangements to protect personal data.
5. Does your organisation have pertinent data retention policies for various types of personal data? This is also applicable to third parties in possession of their personal data.
6. Does your organisation have provisions in place to deal with unsolicited personal data?
7. Does your organisation have provisions in place to dispose of personal data? This is also applicable to third parties in possession of their personal data.
8. Does your organisation make sure that its personal data is correct, and that personal data shared with other organisations is correct and complete?
9. How does your organisation handle erroneous data?

📌 Do you know that appointing a Data Protection Officer (DPO) is not only mandatory under the PDPA, but is also crucial to ensuring that your organisation is fully compliant to the PDPA provisions? Check out how Privacy Ninja’s DPO-as-a-Service can help you manage the PDPA Singapore checklist and more, while you focus on what you do best, to grow the business. 3. A person’s rights to personal data access and erasure

1. Does your organisation have provisions in place and furnish information on how individuals may withdraw permission on the use of their personal data and the implications of withdrawing consent?
2. Does your organisation have provisions in place and furnish information on how individuals can ask for access to their personal data? Is there a process in place to adhere to the person’s request?
3. Does your organisation have provisions in place and furnish information on how people can amend their personal data under its possession?