PDPA for Singapore
PDPA compliance, Singapore (applicable to most ASEAN countries, and Hong Kong)
As stipulated by PDPC Singapore, organizations are required to comply with the entire PDPA 2012 whether they collect, use or disclose personal data about individuals, be it customers, employees, members or anyone similar. Practicing good personal data management hygiene can increase efficiency and effectiveness.
If you or your organization have been tasked to handle data as a data intermediary, you MAY be exempted from some obligations in the PDPA, but you can never ignore the due diligence necessary to protect the data pursuant to any written contract or similar arrangement.
The above describes and promotes the leadership thinking and management practice that need to cascade down the organization to avoid fines, sanctions or the cost of remediation and recovery, which can be hefty and destructive to a company's name and reputation. The board of directors will want everyone to have that mindset, to avoid any impact on potential business ventures, funding or investment.
iTGRC has developed three categories of PDPA compliance program based on ISO standards and requirements. ISO27001 is a driving platform with a premium engine that determines the direction of a management system to fulfil the compliance requirements. It has already fitted well with the EU GDPR, which came into effect in May 2018. A similar methodology has also proven to apply well in meeting Singapore PDPA 2012 requirements.
No more and no less, such a framework helps an organization develop the capability and the flexibility to adapt to the requirements and to adopt changes seamlessly. Several international ISO certifying bodies agree that ISO27001 has the enterprise elements to drive PDPA compliance, be it in IT systems, corporate strategy, business plans and processes, or day-to-day operations.
The above packages (*) are subject to an initial assessment or high-level gap analysis with your company's leadership/management team. We provide this for free once an NDA is signed.
Bespoke PDPA – our team recognizes that PDPA compliance is a journey, and everyone has a day job to worry about and a personal life to handle after the 9-to-5. Our Bespoke package is tailored for organizations that want to jump-start with small steps and determine their stature and appetite, or develop a mid- to long-term roadmap to achieve PDPA compliance without rocking the boat. Talk to an iTGRC executive partner to help gear you up with the roadmap and short-term priorities.