Fundamentals of PDPA Course

The personal data protection act or PDPA course is popular among individuals or companies who want their employees to deeply explore the provisions of the PDPA. There are a lot of schools around Singapore and other cities in the world that offer PDPA course classes highlighting the fundamentals of the personal data protection act.

With that said, what are these fundamentals of the PDPA? In this article, we will summarize each to help you prepare or decide whether or not a PDPA course is worth the money. Though the course outlines vary from in each class or school, the premise of the course remains the same.

1. Introduction to the PDPA

Just like in any class or subject, the course begins with an introduction to what the topic is all about, in this case, the personal data protection act. This includes what are the objects of the PDPA and why it was created in the first place. Participants will also learn about the key terms used when discussing the PDPA, may it be complex or simple terms to explain processes, ideas, and concepts.

Since the implementation of the PDPA is worldwide, it is also very important to explore and study the data protection frameworks that exist all around the world. By doing so, the participants can compare and contrast how the PDPA is implemented in other countries. It isn’t entirely different, but it is important to note where the frameworks differ and stay the same.

1. Data Protection Provisions and Do Not Call Provisions

• PDPA 9 Key Obligations
• Consent Obligation
• Purpose Limitation Obligation
• Notification Obligation
• Access & Correction Obligation
• Accuracy Obligation
• Protection Obligation
• Retention Limitation Obligation
• Transfer Limitation Obligation
• Openness Obligation
• Existing Data and Other Existing Laws
• Selected Topics – Employment, NRIC
• Selected Topics – Photography, CCTV, Anonymization, Research & Analytics, Online Activities
• Do Not Call Provisions
  1. DNC Registry – Specified Message and Examples
  2. Exemption Order
  3. DNC Operational Rules
  4. Spam Control Act
• Enforcement

III.            Data Breach Management

Data breaches are one of the biggest concerns that the PDPA wants to address. A data breach is a breach of security that could lead to an accident or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. All these could endanger life, business or reputation.

There have been many cases of petty and high-profile data breaches in the past. The PDPA aims to stop, prevent and penalize those that are responsible for the breach and hacking. The higher the gravity of the incident is, the higher the price that they also have to pay.

1. Role of the DPO

A DPO or a data protection offer is a vanguard for the compliance of the PDPA. But he or she is also more than that. The DPO plays a vital role in transforming data protection systems to a competitive advantage for the company.

In addition, the DPO is also a champion of trust and honesty for the organization wide PDPA framework and ecosystem. So, does every company or business need a DPO? Yes, a DPO is mandatory if the organization is handling and processing large sets of personal data.

1. Creating a Data Inventory Map

Lastly, creating a data inventory map is an integral part of the PDPA course. For the benefit of those who have no idea what a data inventory map is, it is a collection of all the gathered personal data and organized in a certain way.

It could be sorted into a clean and quick searchable format so going through all the personal data in the database won’t be such a headache for the person required to do so.