Please enable JavaScript.
Coggle requires JavaScript to display documents.
CHAPTER 7 DATA PROCTECTION ACT - Coggle Diagram
CHAPTER 7
DATA PROCTECTION ACT
What is Personal Data?
• Personal data refers to data, whether true or not, about an individual who can be
identified from that data; or from that data and other information to which the
organisation has or is likely to have access. Personal data in Singapore is protected
under the Personal Data Protection Act 2012 (PDPA).
Objectives of the Personal Data Protection Act
• Today, vast amounts of personal data are collected, used and even transferred to third party organisations for a variety of reasons. This trend is expected to grow exponentially as the processing and analysis of large amounts of personal data becomes possible with increasingly sophisticated technology
Data Protection Act Principles:
a) General principle
• The general principle prohibits a data user from processing a data subject’s personal data except with the data subject’s consent and sets out parameters for the processing of personal data.
b) Notice and choice principle
• The Personal Data Protection Act requires a data user to inform a data subject by written notice, in both the national and English languages.
c) Disclosure principle
• This principle prohibits the disclosure, without the data subject’s consent, of
personal data for any purpose other than that for which the data was disclosed at the time of collection.
d) Security principle
• The Personal Data Protection Act imposes obligations on the data user to take steps to protect the personal data during its processing from any loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction.
e) Retention principle
• Under this principle, personal data is not to be retained longer than is necessary
for the fulfilment of the purpose for which it is processed. A duty is also imposed
on the data user to take reasonable steps to ensure that all personal data is
destroyed or permanently deleted if it is no longer required for the purpose for which it was processed.
f) Data integrity principle
• The data user has to take reasonable steps to ensure that the personal data is
accurate, complete, not misleading and kept up-to-date, having regard to the
purpose (and any directly related purpose) for which it was collected and
processed.
g) Access principle
• The Personal Data Protection Act gives the data subject the right to access his
or her own data and to correct the same where the personal data is inaccurate,
incomplete, misleading or outdated. The Personal Data Protection Act provides
ground on which the data user may refuse to comply with a data access or data
correction request by the data subject.
h) Rights of data subject
• The Personal Data Protection Act confers rights on a data subject vis-à-vis a
data user in relation to his or her personal data and the processing thereof.