2 Days Personal Data Protection Act in Singapore (Advanced Workshop)
The Singapore Personal Data Protection Act (“PDPA”) came into force over two phases, the provisions relating to the Do Not Call regime came into force at the beginning of 2014 and the remaining provisions of the PDPA came into force in the middle of 2014. Since then, many organizations are still grappling with the implementation of their compliance program to meet their obligations under the PDPA. Now, three years on, it is a good time for your organization to get updated on the latest regulation and compliance requirement within the framework of the advisory guidelines issued by the Personal Data Protection Commission.
A 2 Day Workshop to help your organization developed an Effective System to ensure Full compliance with the PDPA latest PDPA Requirement
The objective of this 2-day advanced course is to provide a step by step guide on how you can develop an effective and easy to maintain system within your organization to ensure that your organizational be in Full compliance of the latest Requirement
Exemptions to PDPA? What You Must Know
While there are certain exemptions to these obligations, it is clear that the organizations have a heavy responsibility particularly in light of the fact that criminal and civil consequences may be the result of one or more breaches of the PDPA.
Due to the serious potential consequences for breaches of the PDPA, in this 2-day Advanced PDPA workshop, we will be covering a detailed understanding of the critical provisions of the PDPA.It is hoped, thereby, that attendees will be able to ensure that their organizations are PDPA-compliant in all respects. Reference will be made to cases involving breaches and alleged breaches of the PDPA.
Who Should Attend?
This course is targeted at all officers and managers of any organization that handle personal data particularly the Data Protection Officer. This includes those in the Human Resources, Legal, Sales, Marketing, Finance, Compliance and Audit teams.
Additionally, it is targeted at the executives of such organizations such as the Chief Executive Officer, President, Managing Director, Chief Financial Officer, Chief Information Officer and Directors who should also have a good knowledge of the PDPA. This is so they can supervise the employees who handle personal data as there are criminal and civil sanctions for the breach of the PDPA.
“An intelligent and knowledgeable facilitator! He gave very helpful case study and it was well-explained. I have learned quite a lot of new knowledge from him!” – Ong Bee Chong, Ministry of Education
“The trainer explained in simple layman terms even though he is a lawyer. He is very patient in explaining and we have learned a lot” – Florence Ho, Lions Home For Elders
Trainer: Mirza Khaleel Namazie, Advocate & Solicitor (Singapore)
Khaleel was admitted as an Advocate & Solicitor of the Supreme Court of Singapore in 1994. He is also a member of the Law Society of England & Wales. He read for a Bachelor’s Degree in Law at the National University of Singapore and for a Master’s Degree in Computer and Communications Law at Queen Mary & Westfield College, University of London, the component subjects which were Information Technology Law, Intellectual Property Law, Telecommunications Law, Electronic Banking Law and Internet Law.
Apart from his experience in advising local and international clients in private practice on a variety of commercial, corporate and litigation matters, Khaleel worked in the Asia Pacific Legal Department of Hewlett-Packard Singapore Pte Ltd as a Commercial Contracts Manager with special responsibility for the Asia Emerging Countries of Pakistan, Bangladesh and Vietnam and with Singapore Telecommunications Limited as Senior Legal Counsel as part of the SingTel Global Offices team. During that time, he was also responsible for negotiating the legal aspects of a number of high value telecommunications and IT agreements with a significant number of Fortune 500 companies.
An Updated View of the latest PDPA Requirement
- The data protection provisions
- The Do Not Call registry provisions
Scope of significant terms under the PDPA such as but not limited to ‘personal data’, ‘individuals’, ‘organizations’, ‘data intermediaries’, ‘processing’, ‘collection’, ‘use and disclosure’, ‘reasonable’ and exclusions thereto.
The scope of the 9 Obligations under the data protection provisions of the PDPA and exceptions thereto
- The Consent Obligation
- The Purpose Limitation Obligation
- The Notification Obligation
- The Access and Correction Obligation
- The Accuracy Obligation
- The Protection Obligation
- The Retention Limitation Obligation
- The Transfer Limitation Obligation
- The Openness Obligation
Data Protection Officer – Dos and Don’t
- Your personal and organizational responsibilities
- Appointment and Role
- Responsibility to ensure compliance with the PDPA
- Understanding the criminal and civil sanctions for breaches of the PDPA
- Case Studies involving breaches and alleged breaches of the PDPA
- What this means
- When this is appropriate to be implemented
Applicability of the PDPA to different situations
- Photography, recordings and CCTV
- Online matters
- Personal identification documentation such as NRIC
Developed an Effective System in place to ensure compliance with the PDPA
- Awareness of the PDPA among management and employees
- Internalizing the importance of the PDPA among all members of the organization
- Training and updating all members of the organization on the PDPA and updates thereto by conducting A Personal Data Audit
- What to do if the organization is not PDPA-compliant
The Do Not Call (DNC) Registry
- Establishment of the Registry
- The registers that are maintained by the Registry
- Obligations of organizations relating to the sending of marketing messages
- Exceptions to the above obligations
*Including a brief review of the scope of the European Union General Data Protection Regulation.