dotlah! dotlah!
  • Cities
  • Technology
  • Business
  • Politics
  • Society
  • Science
  • About
Social Links
  • zedreviews.com
  • citi.io
  • aster.cloud
  • liwaiwai.com
  • guzz.co.uk
  • atinatin.com
0 Likes
0 Followers
0 Subscribers
dotlah!
  • Cities
  • Technology
  • Business
  • Politics
  • Society
  • Science
  • About
  • Technology

Mastering The ‘Must-Dos’ Of Data Protection

  • November 3, 2021
Total
0
Shares
0
0
0

With online experiences full of ads and sponsored posts vying for our attention, businesses are turning to data analytics to gain an edge and win the attention of consumers. Spanning both physical and virtual business decisions, data has become the world’s most valuable resource—more so than oil. Each tap, swipe and purchase allows companies to collect data that can help improve business. But how can we be sure that our data is kept safe?

In 2012, Singapore put into place the Personal Data Protection Act (PDPA) to regulate the collection, use and disclosure of personal data. Earlier this year, the amended PDPA took effect, addressing the Republic’s evolving digital economy needs and providing guidelines for both consumers and businesses in better protecting personal data.

To help businesses stay accountable and updated with the changes, the Personal Data Protection Commission (PDPC) refreshed the content of two existing guides on data protection to align with the amendments to the PDPA and support businesses in implementing personal data protection policies and processes.

The first guide aims to help organisations develop or improve practices in accountability through the implementation of a Data Protection Management Programme (DPMP), while the other provides an introductory outline on how to address specific personal data protection risks through conducting a Data Protection Impact Assessment (DPIA) for their systems and processes.

DPMP screenshot 1
The four steps of the Guide to Developing A Data Protection Management Programme cover different facets of data protection for a robust system.

Setting up a culture of accountability

Accountability is an overarching principle in the PDPA. To demonstrate accountability, organisations must develop policies, inform and communicate to staff about these policies and appoint a data protection officer (DPO) who ensures that the implemented policies are in compliance with the PDPA. The DPMP encompasses these strategies and guides organisations as they seek to effectively protect data through a four-step framework that they can tailor-fit to better suit their unique contexts.

The first of four steps, ‘Governance and Risk Assessment’, emphasises how management can champion personal data protection.

While personal data may be shared between departments and teams when required, the organisational policies will ensure that all customer data is used in compliance with the PDPA. Additionally, a culture of accountability can trickle down from leaders to staff through company-wide training or regular risk assessments to identify risks like new initiatives or policies that might not comply with PDPA.

In the ‘Policy and Practices’ step, businesses will be asked to consider some general questions to guide their policy implementation. By putting in place clear practices, organisations will also be able to clearly communicate these policies to internal stakeholders like staff and external parties like vendors and customers.

DPMP screenshot 2
The DPMP takes businesses through the steps of deciding whether or not they should implement policies depending on who such policies apply to.

To help organisations design policies, the DPMP guides the organisation through questions such as the data types to be protected and the appropriate level of protection. This section also includes detailed examples, with a proposed situation and recommendations so that companies are aware of the different facets they might need to consider.

Continuous security improvement

The work of securing data does not, however, stop at the creation of new practices and policies. In the ‘Processes’ section, risks identified in the previous section form the basis of checklists and data inventories. It also suggests other mechanisms to safely collect and store data and make data breach reporting easier.

To help establish a clear process for handling data breaches, the guide conveniently provides a handy acronym: CARE, which represents Containing the breach, Assessing the risk, Reporting the incident and Evaluating the response and recovery to prevent future breaches.

DPMP Screenshot 3
The acronym CARE is used to help companies recall the step-by-step approach needed to manage potential data breaches.

The last step, ‘Maintenance’, encourages businesses to regularly review their data protection policies and processes. Instead of only reviewing policies when there is a breach, the PDPC recommends regular audits, reviews and revisions.

All in all, understanding how each step applies in the business context could go a long way towards actively helping organisations protect against data breaches and other risks. With the DPMP guide, organisations can establish robust personal data protection infrastructure with ease. For a more comprehensive guide on managing data breaches, the PDPC also has a Guide on Managing and Notifying Data Breaches Under the PDPA with more detailed information.

You can never be too secure

The PDPC’s DPIA guide goes hand in hand with the DPMP manual by providing businesses with a simple, six-step process for auditing data protection policies and determining risks.

Before beginning, businesses must assess the initial need for a DPIA. Next, the company should plan a DPIA by identifying parameters like scope, frameworks, parties involved and timeline. After developing a plan, map out the flow of relevant personal data involved in the project or policy to be audited. To fully illustrate the point, the guide offers an example of a website administrator who led a DPIA by consulting various departments about how they will access, use and store the collected data from a project.

DPIA Screenshot 1
The Data Life Cycle maps out the six phases involved in a DPIA.

Data protection risks should then be identified by comparing the project against PDPA requirements, and other specific analyses of potential gaps, especially so if there are new changes, be it strategic, operational or relating to their business structure. Finally, businesses can use the insights gathered to develop and implement an action plan and later evaluate the outcome.

Ultimately, there is no one-size-fits-all solution for every company but if businesses follow both the DPMP and DPIA as well as tailor data protection plans to their unique needs, they can be assured of PDPA compliance—while consumers can be assured that their personal data is kept safe.


To find out more about the PDPC and personal data accountability, click here. Meanwhile, view and download the two comprehensive guides through these links:

  • Data Protection Management Programme (DPMP) guide
  • Data Protection Impact Assessment (DPIA) guide

 

 

By Izo Lopez
Source IMDA

Total
0
Shares
Share
Tweet
Share
Share
Related Topics
  • Data Protection
  • IMDA
  • PDPA
  • PDPC
  • Personal Data Protection Act
  • Personal Data Protection Commission
dotlah.com

Previous Article
  • Cities
  • Lah!

9.6km Of New Cycling Paths In Taman Jurong And Tampines

  • November 3, 2021
View Post
Next Article
  • Lah!
  • Technology

Why Biomanufacturing 4.0 Is A Game-Changer

  • November 3, 2021
View Post
You May Also Like
View Post
  • Cities
  • Technology

Meralco PowerGen’s PacificLight starts up 100 MW fast-response plant in Singapore

  • dotlah.com
  • June 20, 2025
View Post
  • Technology

Apple services deliver powerful features and intelligent updates to users this autumn

  • Dean Marc
  • June 12, 2025
View Post
  • Artificial Intelligence
  • Machine Learning
  • Technology

Apple supercharges its tools and technologies for developers to foster creativity, innovation, and design

  • Dean Marc
  • June 11, 2025
View Post
  • Technology
  • Working Life

It’s time to stop debating whether AI is genuinely intelligent and focus on making it work for society

  • dotlah.com
  • June 8, 2025
oracle-ibm
View Post
  • Artificial Intelligence
  • Technology

IBM and Oracle Expand Partnership to Advance Agentic AI and Hybrid Cloud

  • Dean Marc
  • May 6, 2025
View Post
  • Software
  • Technology

Canonical Releases Ubuntu 25.04 Plucky Puffin

  • Dean Marc
  • April 17, 2025
View Post
  • Artificial Intelligence
  • Technology

Tokyo Electron and IBM Renew Collaboration for Advanced Semiconductor Technology

  • Dean Marc
  • April 2, 2025
View Post
  • Artificial Intelligence
  • Technology

IBM contributes key open-source projects to Linux Foundation to advance AI community participation

  • dotlah.com
  • March 22, 2025


Trending
  • 1
    • People
    • World Events
    Should You Fly yet? An Epidemiologist And An Exposure Scientist Walk You Through The Decision Process
    • June 22, 2020
  • 2
    • Technology
    UOB Taps Chronicle Software’s Solution For Its Electronic FX Pricing And Trade Engine To Help Customers Access More Competitive FX Pricing
    • June 3, 2021
  • 3
    • Technology
    Game On! Singtel’s PVP Esports Community Leagues Scale Up In 2020
    • February 6, 2020
  • 4
    • Lah!
    Singapore Tops World Competitiveness Ranking For 2020
    • June 25, 2020
  • 5
    • Technology
    Microsoft To Help 25 Million People Worldwide Acquire New Digital Skills Needed For The COVID-19 Economy
    • July 3, 2020
  • goswifties-taylor-swift-travis-kelce-fathers-daughters-super-bowl-bonding 6
    • Featured
    • People
    How Taylor Swift Unexpectedly Brought Fathers and Daughters Together Through Football
    • February 11, 2024
  • 7
    • Lah!
    • Technology
    Companies Collaborate To Explore Hydrogen As A Low-Carbon Alternative For Singapore
    • April 1, 2020
  • 8
    • People
    Building Essential Skills To Succeed
    • May 19, 2023
  • 9
    • Cities
    Real Estate Trends In Texas For 2020
    • January 21, 2020
  • 10
    • Lah!
    The Infinite Hotel Paradox
    • June 19, 2017
  • 11
    • Cities
    • Society
    Asia Dominates When It Comes to Passport Power In 2020
    • January 14, 2020
  • 12
    • Lah!
    • Technology
    SGX And Temasek JV Ties Up With Covalent To Build End-To-End Digital Infrastructure
    • February 2, 2021
Trending
  • Camping 1
    The Summer Adventures : Camping Essentials
    • June 28, 2025
  • 2
    Meralco PowerGen’s PacificLight starts up 100 MW fast-response plant in Singapore
    • June 20, 2025
  • 3
    A Father’s Day Gift for Every Pop and Papa
    • June 14, 2025
  • 4
    Apple services deliver powerful features and intelligent updates to users this autumn
    • June 12, 2025
  • 5
    Apple supercharges its tools and technologies for developers to foster creativity, innovation, and design
    • June 11, 2025
  • 6
    It’s time to stop debating whether AI is genuinely intelligent and focus on making it work for society
    • June 8, 2025
  • 7
    PBBM asks Singapore to invest more in PH renewable energy projects
    • June 6, 2025
  • 8
    Singapore PM Wong arrives in Malacañang
    • June 4, 2025
  • 9
    Renewable energy, carbon credits are priority areas of cooperation for Singapore, Philippines: Lawrence Wong
    • June 4, 2025
  • 10
    Singapore businesses eye more investments in PH, says PM Wong
    • June 4, 2025
Social Links
dotlah! dotlah!
  • Cities
  • Technology
  • Business
  • Politics
  • Society
  • Science
  • About
Connecting Dots Across Asia's Tech and Urban Landscape

Input your search keywords and press Enter.