Personal Data Protection Act
Objective
to address how personal data is being used
maintain trust in organizations that manage data
strengthen and entrench Singapore's competitiveness and position as a world-class hub for business
what is PDPA?
recognizes
rights of individual
protection
access
correction
needs of organization (for legitimate and reasonable purpose) to
use
disclose
collect
establishment of Do Not Call (DNC) Registry
register mobile number to opt out of receiving marketing calls/texts
data protection law governing the collection, use, disclosure and care of personal data
Data Protection Roles
Data Controller / User
Organizations
Data Processor
Data Intermediaries
Data Protection Authority
PDPC
Data Subject
Individuals
how does it work
concepts
Consent
collect, use, or disclose with individual's consent (with some exceptions)
Purpose
inform the purpose for collection, use or disclosure
Reasonableness
the purpose must be appropriate to a reasonable person in the given circumstances
complementing sector-specific legislative and regulatory framework
Employment Act
Banking Act
etc
definition
Role
individual
a natural person
organization
any individual, company, association, corporate or incorporated whether or not formed or recognized under the law of Singapore
data intermediary
an organization that processes personal data on behalf of another organization
Personal Data
data about an individual who can be identified
from that data
from that data or other info to which the organization has or is likely to have access
includes
NRIC
Passport
Fingerprint
name, residential address, contact number
vehicle no
video
confidential info
price list
salary/personal finances
engineering drawings
legal docs
employee CSN
transaction details
doesn't highlight sensitive data (religion, medical, political, etc.), unlike countries such as Malaysia, Philippines, Australia & UK
information life cycle
usage/processing
accuracy obligation
ensure data is reasonably accurate and complete (section 23)
storage/disposal
retention limitation
cease retention of data when it is no longer necessary (section 25)
protection obligation
making security arrangements to protect data (section 24)
collection
purpose limitation
only for the purpose for which the consent is given (section 18)
notice/accountability obligation
notify of the purpose (section 20)
consent obligation
only collect, use or disclose with consent (sections 13-17)
disclosure/transfer
transfer limitation
transfer data to another country only when the standard of protection of data is comparable (section 26)
access & correction obligation
upon request, provide info about usage or disclosure of data and correct any error or omission (sections 21-22)
note: life cycle follows openness obligation
info about data protection policies, practices and complaint process available upon request (sections 11-12)