Complete Guide to the Personal Data Protection Act
All organizations that process personal data (unless exempted) are subject to the PDPA. The PDPA requires that organizations must take certain steps including but not limited to not disclosing the personal data of employees without their consent, providing rights of access to such personal data and ensuring the right to correct such personal data. While there are certain exemptions to these obligations, it is clear that the organizations have a heavy responsibility particularly in light of the fact that criminal and civil consequences may be the result of one or more breaches of the PDPA. The objective of this one day course is to provide an explanation of the terms of the PDPA to a level that would allow all attendees to understand what steps they must take to ensure that their organizations comply with the same terms.
- The Scope of PDPA
- How PDPA is enforced
- Understand the Principles of Data Protection
- How to be PDPA Compliant on Data Collection
- How, Why and What to Personal Data Disclosure
- Individual Rights under PDPA
- Data Protection Obligations
Who Should Attend?
- Overview of the PDPA
- The scope of the term ‘personal data’ – what does the PDPA cover and what does it not cover. Some of the persons to whom the scope does not apply are employees acting in the course of their employment with an organization. It also does not apply to a public agency or organisation in the course of acting on behalf of a public agency in relation to the collection, use or disclosure of the personal data (as set out in the relevant rules). It also does not cover information such as an individual’s name, position name or title, business telephone number or business electronic which were not provided by the individual solely for his or her personal purposes.
- The general rules under the PDPA that govern the collection, use, disclosure and care of personal data. As summarized on the website of the Personal Data Protection Commission, this includes the rule that organisations may collect, use or disclose personal data only with the individual’s knowledge and consent; that organisationsmay collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure; and organisationsmay collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances. The exceptions to the various rules will also be discussed.
- The persons who are responsible for the collection, use, disclosure and care of personal data.
- The criminal and civil sanctions for breaches of the PDPA.
- The Do Not Call (DNC) Registry
Trainer: Mirza Khaleel Namazie, Advocate & Solicitor (Singapore)
Khaleel was admitted as an Advocate & Solicitor of the Supreme Court of Singapore in 1994. He is also a member of the Law Society of England & Wales. He read for a Bachelor’s Degree in Law at the National University of Singapore and for a Master’s Degree in Computer and Communications Law at Queen Mary & Westfield College, University of London, the component subjects which were Information Technology Law, Intellectual Property Law, Telecommunications Law, Electronic Banking Law and Internet Law.
Apart from his experience in advising local and international clients in private practice on a variety of commercial, corporate and litigation matters, Khaleel worked in the Asia Pacific Legal Department of Hewlett-Packard Singapore Pte Ltd as a Commercial Contracts Manager with special responsibility for the Asia Emerging Countries of Pakistan, Bangladesh and Vietnam and with Singapore Telecommunications Limited as Senior Legal Counsel as part of the SingTel Global Offices team. During that time, he was also responsible for negotiating the legal aspects of a number of high value telecommunications and IT agreements with a significant number of Fortune 500 companies.