In our DPEX Network Community, we recognise there is a diverse base of learners such as the following:
Not everyone is a trained legal professional. When designing the courses, we decided to approach the curriculum from an operational perspective to data protection practices (besides a purely legal perspective) so that adult learners can relate better to their everyday work scenarios.
These courses also take into account competencies highlighted by the Personal Data Protection Commission of Singapore in their Data Protection Competency and Training Roadmap.
Hence, we divided the courses into two categories of competencies:
...and approached our DPEX Network partnering universities in the region to offer adult learning courses in data protection by incorporating these courses.
Roadmap of Data Protection Competencies
Example of the Singapore Management University Learning Roadmap
Upon successful completion of all the above modules within the two categories of competencies, the learner would have acquired all the necessary competencies. Note that the requirements towards the achievement of the advanced certificate, diploma or degree are dependent on the discretion of our DPEX Network partnering university. The above example is from the Singapore Management University Academy.
We expect De La Salle University of the Philippines and International Islamic University Malaysia to formalise their offerings by the end of 2020.
As the name implies, we approached these courses from an operational compliance angle, catering to data protection functions and practices within an organisation.
In short, these courses, in our view, will help data protection officers and functions to achieve operational excellence in data protection. Hence, we have been working with several universities in the ASEAN region to incorporate these courses into their own local certificates/diplomas/degrees.
Foundation course covering both local data protection law and basics of privacy management
Basic ISO27001/02 information security concepts from a management perspective
3 key areas: Data Protection by Design, Data Protection Impact Assessment & Trustmarks
Insights to creating and implementing a data protection management programme
Key milestones in data protection and insights into the role of a DPO
The above is an example of the Advanced Certificate in Data Protection Operational Excellence offered by Singapore Management University (SMU).
Modular approach and flexibility
Learners can take any of these modular courses at any time and work towards attaining an Advanced Certificate in Operational Excellence. For example, in the case of SMU, course participants have one year to complete all the courses and would need to pass a mini assessment that will be given after each course module. The certificate will be awarded upon passing all of the assessments.
We also took into account that learners may not start their certificates as a beginner. Those who have already taken the Data Protection Hands-on course are exempted from taking the Practical Approach to Data Protection. For Singapore’s citizens or permanent residents, the course is also exempted for those who successfully passed the Practitioner Certificate in Data Protection AND have taken the PDPA – Operational Perspective courses or Fundamentals of the PDPA course.
Similarly, anyone with an IAPP Certified Information Privacy Manager (CIPM) professional certification (i.e. passed the examination) or anyone with a formal information security professional certification (e.g. IAPP Certified Information Privacy Technology (CIPT), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) will be exempted from taking the Information and Cybersecurity for Managers course.
The other course category for data protection competencies is called Data Protection Principles. Breaching data protection principles carry the heaviest penalties under any data protection law. The curriculum was deliberately designed so that non-legal professionals especially those performing data protection functions can also take these courses without having a formal legal background as the content is presented with minimal legal language. However, regulatory references are still included for the convenience of legal professionals.
The scope of the content is catered primarily for those whose job scope covers ASEAN and to any extent Asia Pacific. The General Data Protection Regulation and Applications on Asia is therefore also covered. Although not every country in Asia Pacific is covered (e.g. Korea and Japan), the course Data Protection Framework and Standards provides the learner with the necessary knowledge to cover any kind of data protection jurisdiction.
Covers Singapore (PDPA), Hong Kong (PDPO) and India’s IT rules/latest bill
Covers Philippines (DPA) and Malaysia (PDPA)
Covers Indonesia (Bill), Thailand (PDPA) and rest of ASEAN
Covers Taiwan (PDPA), China (PI Specifications)
Covers EU GDPR and relevance to Asia
Covers all frameworks and standards including ISO 27701
The above is an example of the Advanced Certificate in Data Protection Principles offered by Singapore Management University (SMU).
Any IAPP Certified Information Privacy Professional (CIPP) (i.e. passed the examination) will be exempted from certain course modules e.g. CIPP/A – Part 1, and CIPP/E – GDPR module).
Similarly, anyone who clears Part 1 and the GDPR module have the option to register and sit for the respective certification exams (CIPP/A and Exin GDPR certification) separately. Note that the GDPR module within the series of courses within the Data Protection Principles does not equate to the CIPP/E module. Learners will have to sit for the course and exams separately.
By Kevin Shepherdson, CEO, Straits Interactive Pte Ltd
Write to us at email@example.com should you need advice.
Access online / in-person courses and view past training records
Join lively discussions on pertinent data protection topics
Gain access to data protection research and video resources
Receive value-added data protection updates from the region