dotlah! dotlah!
  • Cities
  • Technology
  • Business
  • Politics
  • Society
  • Science
  • About
Social Links
  • zedreviews.com
  • citi.io
  • aster.cloud
  • liwaiwai.com
  • guzz.co.uk
  • atinatin.com
0 Likes
0 Followers
0 Subscribers
dotlah!
  • Cities
  • Technology
  • Business
  • Politics
  • Society
  • Science
  • About
  • Technology

Mastering The ‘Must-Dos’ Of Data Protection

  • November 3, 2021
Total
0
Shares
0
0
0

With online experiences full of ads and sponsored posts vying for our attention, businesses are turning to data analytics to gain an edge and win the attention of consumers. Spanning both physical and virtual business decisions, data has become the world’s most valuable resource—more so than oil. Each tap, swipe and purchase allows companies to collect data that can help improve business. But how can we be sure that our data is kept safe?

In 2012, Singapore put into place the Personal Data Protection Act (PDPA) to regulate the collection, use and disclosure of personal data. Earlier this year, the amended PDPA took effect, addressing the Republic’s evolving digital economy needs and providing guidelines for both consumers and businesses in better protecting personal data.

To help businesses stay accountable and updated with the changes, the Personal Data Protection Commission (PDPC) refreshed the content of two existing guides on data protection to align with the amendments to the PDPA and support businesses in implementing personal data protection policies and processes.

The first guide aims to help organisations develop or improve practices in accountability through the implementation of a Data Protection Management Programme (DPMP), while the other provides an introductory outline on how to address specific personal data protection risks through conducting a Data Protection Impact Assessment (DPIA) for their systems and processes.

DPMP screenshot 1
The four steps of the Guide to Developing A Data Protection Management Programme cover different facets of data protection for a robust system.

Setting up a culture of accountability

Accountability is an overarching principle in the PDPA. To demonstrate accountability, organisations must develop policies, inform and communicate to staff about these policies and appoint a data protection officer (DPO) who ensures that the implemented policies are in compliance with the PDPA. The DPMP encompasses these strategies and guides organisations as they seek to effectively protect data through a four-step framework that they can tailor-fit to better suit their unique contexts.

The first of four steps, ‘Governance and Risk Assessment’, emphasises how management can champion personal data protection.

While personal data may be shared between departments and teams when required, the organisational policies will ensure that all customer data is used in compliance with the PDPA. Additionally, a culture of accountability can trickle down from leaders to staff through company-wide training or regular risk assessments to identify risks like new initiatives or policies that might not comply with PDPA.

In the ‘Policy and Practices’ step, businesses will be asked to consider some general questions to guide their policy implementation. By putting in place clear practices, organisations will also be able to clearly communicate these policies to internal stakeholders like staff and external parties like vendors and customers.

DPMP screenshot 2
The DPMP takes businesses through the steps of deciding whether or not they should implement policies depending on who such policies apply to.

To help organisations design policies, the DPMP guides the organisation through questions such as the data types to be protected and the appropriate level of protection. This section also includes detailed examples, with a proposed situation and recommendations so that companies are aware of the different facets they might need to consider.

Continuous security improvement

The work of securing data does not, however, stop at the creation of new practices and policies. In the ‘Processes’ section, risks identified in the previous section form the basis of checklists and data inventories. It also suggests other mechanisms to safely collect and store data and make data breach reporting easier.

To help establish a clear process for handling data breaches, the guide conveniently provides a handy acronym: CARE, which represents Containing the breach, Assessing the risk, Reporting the incident and Evaluating the response and recovery to prevent future breaches.

DPMP Screenshot 3
The acronym CARE is used to help companies recall the step-by-step approach needed to manage potential data breaches.

The last step, ‘Maintenance’, encourages businesses to regularly review their data protection policies and processes. Instead of only reviewing policies when there is a breach, the PDPC recommends regular audits, reviews and revisions.

All in all, understanding how each step applies in the business context could go a long way towards actively helping organisations protect against data breaches and other risks. With the DPMP guide, organisations can establish robust personal data protection infrastructure with ease. For a more comprehensive guide on managing data breaches, the PDPC also has a Guide on Managing and Notifying Data Breaches Under the PDPA with more detailed information.

You can never be too secure

The PDPC’s DPIA guide goes hand in hand with the DPMP manual by providing businesses with a simple, six-step process for auditing data protection policies and determining risks.

Before beginning, businesses must assess the initial need for a DPIA. Next, the company should plan a DPIA by identifying parameters like scope, frameworks, parties involved and timeline. After developing a plan, map out the flow of relevant personal data involved in the project or policy to be audited. To fully illustrate the point, the guide offers an example of a website administrator who led a DPIA by consulting various departments about how they will access, use and store the collected data from a project.

DPIA Screenshot 1
The Data Life Cycle maps out the six phases involved in a DPIA.

Data protection risks should then be identified by comparing the project against PDPA requirements, and other specific analyses of potential gaps, especially so if there are new changes, be it strategic, operational or relating to their business structure. Finally, businesses can use the insights gathered to develop and implement an action plan and later evaluate the outcome.

Ultimately, there is no one-size-fits-all solution for every company but if businesses follow both the DPMP and DPIA as well as tailor data protection plans to their unique needs, they can be assured of PDPA compliance—while consumers can be assured that their personal data is kept safe.


To find out more about the PDPC and personal data accountability, click here. Meanwhile, view and download the two comprehensive guides through these links:

  • Data Protection Management Programme (DPMP) guide
  • Data Protection Impact Assessment (DPIA) guide

 

 

By Izo Lopez
Source IMDA

Total
0
Shares
Share
Tweet
Share
Share
Related Topics
  • Data Protection
  • IMDA
  • PDPA
  • PDPC
  • Personal Data Protection Act
  • Personal Data Protection Commission
dotlah.com

Previous Article
  • Cities
  • Lah!

9.6km Of New Cycling Paths In Taman Jurong And Tampines

  • November 3, 2021
View Post
Next Article
  • Lah!
  • Technology

Why Biomanufacturing 4.0 Is A Game-Changer

  • November 3, 2021
View Post
You May Also Like
View Post
  • Cities
  • Technology

Meralco PowerGen’s PacificLight starts up 100 MW fast-response plant in Singapore

  • dotlah.com
  • June 20, 2025
View Post
  • Technology

Apple services deliver powerful features and intelligent updates to users this autumn

  • Dean Marc
  • June 12, 2025
View Post
  • Artificial Intelligence
  • Machine Learning
  • Technology

Apple supercharges its tools and technologies for developers to foster creativity, innovation, and design

  • Dean Marc
  • June 11, 2025
View Post
  • Technology
  • Working Life

It’s time to stop debating whether AI is genuinely intelligent and focus on making it work for society

  • dotlah.com
  • June 8, 2025
oracle-ibm
View Post
  • Artificial Intelligence
  • Technology

IBM and Oracle Expand Partnership to Advance Agentic AI and Hybrid Cloud

  • Dean Marc
  • May 6, 2025
View Post
  • Software
  • Technology

Canonical Releases Ubuntu 25.04 Plucky Puffin

  • Dean Marc
  • April 17, 2025
View Post
  • Artificial Intelligence
  • Technology

Tokyo Electron and IBM Renew Collaboration for Advanced Semiconductor Technology

  • Dean Marc
  • April 2, 2025
View Post
  • Artificial Intelligence
  • Technology

IBM contributes key open-source projects to Linux Foundation to advance AI community participation

  • dotlah.com
  • March 22, 2025


Trending
  • 1
    • Cities
    • Lah!
    • Science
    • Technology
    Preparing For Future Pandemics With Hi-Tech Lab
    • July 6, 2021
  • China 2
    • Cities
    6 Cities That Rank High When It Comes To Electricity Consumption
    • October 26, 2020
  • 3
    • Cities
    • Climate Change
    Think Globally, Rebuild Locally
    • April 2, 2024
  • 4
    • Environment
    Top 10 Countries With The Largest Contribution Of Garbage In The Ocean
    • June 17, 2019
  • 5
    • Cities
    • Lah!
    IMDA Collaborates With Industry To Help Singaporeans Continue To Enjoy A High Quality Of Life From Home With Digital Tech Amid COVID-19
    • March 26, 2020
  • 6
    • Cities
    To Help Solve Global Problems, Look To Developing Countries
    • February 29, 2020
  • 7
    • Lah!
    Mediacorp And Temasek Polytechnic Join Hands In Collaboration Agreement
    • June 17, 2020
  • 8
    • Lah!
    UOB Collaborates With CapitaLand On Singapore’s First Dual Tranche SORA-SOFR Loan
    • September 6, 2020
  • workplace-office-employees-pexels-photo-3182773 9
    • Business
    • People
    7 Ways To Decrease Your Employee Turnover Rate
    • June 21, 2021
  • 10
    • Technology
    Sembcorp To Build 8.2 Megawatt-Peak Solar Power Energy System On Singapore Airlines And SIA Engineering Company’s Properties
    • February 13, 2020
  • 11
    • Cities
    Grab Announces Additional COVID-19 Support Measures
    • March 31, 2020
  • Unleashing Limitless Adventures: Hypershell X Series - The Next-Gen Exoskeleton at CES 2025 12
    • Technology
    Unleashing Limitless Adventures: Hypershell X Series – The Next-Gen Exoskeleton at CES 2025
    • January 7, 2025
Trending
  • 1
    Meralco PowerGen’s PacificLight starts up 100 MW fast-response plant in Singapore
    • June 20, 2025
  • 2
    A Father’s Day Gift for Every Pop and Papa
    • June 14, 2025
  • 3
    Apple services deliver powerful features and intelligent updates to users this autumn
    • June 12, 2025
  • 4
    Apple supercharges its tools and technologies for developers to foster creativity, innovation, and design
    • June 11, 2025
  • 5
    It’s time to stop debating whether AI is genuinely intelligent and focus on making it work for society
    • June 8, 2025
  • 6
    PBBM asks Singapore to invest more in PH renewable energy projects
    • June 6, 2025
  • 7
    Singapore PM Wong arrives in Malacañang
    • June 4, 2025
  • 8
    Renewable energy, carbon credits are priority areas of cooperation for Singapore, Philippines: Lawrence Wong
    • June 4, 2025
  • 9
    Singapore businesses eye more investments in PH, says PM Wong
    • June 4, 2025
  • 10
    The Summer Adventures : Hiking and Nature Walks Essentials
    • June 3, 2025
Social Links
dotlah! dotlah!
  • Cities
  • Technology
  • Business
  • Politics
  • Society
  • Science
  • About
Connecting Dots Across Asia's Tech and Urban Landscape

Input your search keywords and press Enter.