Organisations today operate in an increasingly connected and competitive digital economy where individuals’ online and real-world activities generate a burgeoning amount of data. In such a competitive and evolving business environment, a “checkbox” compliance approach towards the handling of personal data is increasingly impractical and insufficient to keep pace with the developments in data processing activities.
Accountability in relation to personal data protection is the undertaking and demonstration of responsibility for the personal data in the organization’s possession or control. As a principle in personal data protection frameworks, accountability was first introduced in 1980 by the OECD and has since gained traction internationally. For example, accountability is one of the key principles highlighted under the APEC Privacy Framework. Accountability is also one of the obligations in the European Union General Data Protection Regulation (“GDPR”).
Accountability is a fundamental principle of the Personal Data Protection Act (“PDPA”), which requires organizations to ensure and demonstrate compliance with the PDPA. Collectively, sections 11 and 12 of the PDPA form the accountability obligation under the PDPA. First and foremost, an organization is responsible for the personal data in its possession or under its control. Each organization is required to:
Good accountability practices begin with an organisation’s leadership, and are directed through its corporate governance and policies. A key step to ensure a commitment to accountability is to embed personal data protection into corporate governance, as the involvement of senior management is crucial.
Responsibilities of senior management include the following:
Personal data protection is the responsibility of every employee, and is not limited to the appointed data protection representatives of the organisation. It cuts across roles, functions and hierarchy and should be practiced by staff (including volunteers and contract staff) at all levels of the organisation as well as third-party service providers.
An accountable organisation not only develops and communicates its data protection policies, but also puts in place effective processes to operationalize its data protection policies throughout the data life cycle (i.e. from collection to disposal of personal data) and across business processes, systems, products or services.
To provide practical assistance and help organisations put accountability into practice, the PDPC has developed and promoted the adoption of accountability tools, such as the DPMP, risk and impact assessments (e.g. DPIA) and gap analysis assessments (e.g. PATO) for organisations.
Accountability practices have enabled the development and implementation of a number of initiatives to support commerce between or with accountable organisations. Organisations may choose to engage an independent third party assessor to certify their data protection policies and practices through the Data Protection Trustmark (“DPTM”) Certification.