PDPA Essentials (For Non-Legal Professionals)$428.00
About this course
The course is carefully designed to the key components of legislative and regulatory compliance in accordance to the Personal Data Protection Act 2012 (PDPA). The key concepts of collection, use and disclosure of individual’s personal data by organisations will be covered. It is designed to provide both the staffs who are handling data, as well as Data Protection Officers (DPO) in Organisations to understand and have an overview of the key functions, amongst others, of promoting awareness of data protection in Singapore, administering and enforcing the PDPA and compliance related to Data Protection in Singapore context.
The course will give course participants a good overview and understanding of the PDPA and how it may be applied to the organisations for compliance.Upon completion of the course, the participant should be able to: Identify legislative and regulatory requirements under the PDPA that the organisation has to comply with; Communicate key legislative and regulatory requirements under the PDPA and related management systems to relevant stakeholders to facilitate compliance; Assess the organisation s internal policies and procedures to ensure compliance; Identify and document areas of non-compliance in business activities; Assist in review of the organisations guidelines / policies for adherence to requirements under the PDPA; Assist in the implementation of procedures to ensure adherence to requirements under the PDPA in the day-to-day operations of the organisation; and prepare management report for follow-up action.
- Overview of the PDPA
- Data protection provisions
- Do Not Call Registry
- Important entities under the PDPA (PDPC and DPO)
- Differences between PDPA obligations for BtoB and BtoC businesses
- 9 Key Data Protection obligations
- Main obligations of organisations relating to the sending of marketing messages to Singapore telephone numbers.
- 3 registers for telephone calls, text messages and faxes (does not cover email addresses and social media)
- Circumstances when a business send marketing messages without needing to check the DNC registers, with case studies.
- Consent, not a “specified message”, falls within Eighth Schedule.
- Consequences for breaches of DNC obligations under the PDPA
- Case studies on breaches of the DNC obligations and consequences.
- Exclusions from the data protection obligations
- Specific areas for Data Protection (Anonymisation, Analytics, research, Employment and NRIC treatment and alternatives)
- Data protection officer duties
- Setting up and implementing a Personal Data Protection Policy, with examples
- What can the Commission do in event of breach
- What should the organisation do in event of a complaint of a breach