2 Days Personal Data Protection Act in Singapore (Advanced Workshop)
The Singapore Personal Data Protection Act (“PDPA”) came into force over two phases, the provisions relating to the Do Not Call regime came into force at the beginning of 2014 and the remaining provisions of the PDPA came into force in the middle of 2014. Since then, many organizations are still grappling with the implementation of their compliance program to meet their obligations under the PDPA. Now, three years on, it is a good time for your organization to get updated on the latest regulation and compliance requirement within the framework of the advisory guidelines issued by the Personal Data Protection Commission.
A 2 Day Workshop to help your organization developed an Effective System to ensure Full compliance with the PDPA latest PDPA Requirement
Exemptions to PDPA? What You Must Know
Due to the serious potential consequences for breaches of the PDPA, in this 2-day Advanced PDPA workshop, we will be covering a detailed understanding of the critical provisions of the PDPA.It is hoped, thereby, that attendees will be able to ensure that their organizations are PDPA-compliant in all respects. Reference will be made to cases involving breaches and alleged breaches of the PDPA.
Who Should Attend?
Additionally, it is targeted at the executives of such organizations such as the Chief Executive Officer, President, Managing Director, Chief Financial Officer, Chief Information Officer and Directors who should also have a good knowledge of the PDPA. This is so they can supervise the employees who handle personal data as there are criminal and civil sanctions for the breach of the PDPA.
“The trainer explained in simple layman terms even though he is a lawyer. He is very patient in explaining and we have learned a lot” – Florence Ho, Lions Home For Elders
Trainer: Mirza Khaleel Namazie, Advocate & Solicitor (Singapore)
Apart from his experience in advising local and international clients in private practice on a variety of commercial, corporate and litigation matters, Khaleel worked in the Asia Pacific Legal Department of Hewlett-Packard Singapore Pte Ltd as a Commercial Contracts Manager with special responsibility for the Asia Emerging Countries of Pakistan, Bangladesh and Vietnam and with Singapore Telecommunications Limited as Senior Legal Counsel as part of the SingTel Global Offices team. During that time, he was also responsible for negotiating the legal aspects of a number of high value telecommunications and IT agreements with a significant number of Fortune 500 companies.
- The data protection provisions
- The Do Not Call registry provisions
Scope of significant terms under the PDPA such as but not limited to ‘personal data’, ‘individuals’, ‘organizations’, ‘data intermediaries’, ‘processing’, ‘collection’, ‘use and disclosure’, ‘reasonable’ and exclusions thereto.
The scope of the 9 Obligations under the data protection provisions of the PDPA and exceptions thereto
- The Consent Obligation
- The Purpose Limitation Obligation
- The Notification Obligation
- The Access and Correction Obligation
- The Accuracy Obligation
- The Protection Obligation
- The Retention Limitation Obligation
- The Transfer Limitation Obligation
- The Openness Obligation
Data Protection Officer – Dos and Don’t
- Your personal and organizational responsibilities
- Appointment and Role
- Responsibility to ensure compliance with the PDPA
- Understanding the criminal and civil sanctions for breaches of the PDPA
- Case Studies involving breaches and alleged breaches of the PDPA
- What this means
- When this is appropriate to be implemented
Applicability of the PDPA to different situations
- Photography, recordings and CCTV
- Online matters
- Personal identification documentation such as NRIC
Developed an Effective System in place to ensure compliance with the PDPA
- Awareness of the PDPA among management and employees
- Internalizing the importance of the PDPA among all members of the organization
- Training and updating all members of the organization on the PDPA and updates thereto by conducting A Personal Data Audit
- What to do if the organization is not PDPA-compliant
The Do Not Call (DNC) Registry
- Establishment of the Registry
- The registers that are maintained by the Registry
- Obligations of organizations relating to the sending of marketing messages
- Exceptions to the above obligations