PDP Week 2021: Driving a data-driven culture
2021-10-21
The Personal Data Protection Commission (PDPC) of Singapore organised Personal Data Protection (PDP) week 2021, from 14 to 17 September 2021, with the theme of Driving a Data-Driven Culture.
During the four-day event, the PDPC made several announcements, including new and updated free resources to help organisations strengthen their data protection measures, and the launch of the Better Data-Driven Business programme by the Infocomm Media Development Authority (IMDA) and PDPC, to help SMEs gain deeper consumer insights and scale up their businesses through responsible use of data.
Josiah Poh, Straits Interactive’s Data Protection Officer (DPO) and Senior Manager of Consultancy and Legal, reviews the announcements and shares his analysis in the following video:
Key takeaways from PDP Week 2021
1. An “assume breach” data protection posture
A data breach is assumed as it is not a matter of if the breach will happen, but when the breach will happen. This is something that PDPC has mentioned previously in other events that they have held. Since a data breach is assumed, there is a need for organisations to prepare themselves and respond in the event of the breach.
In February this year, the data breach notification obligation went into effect, hence it is vital for companies to have their data breach plans in place. Penalties will be higher from next year onwards.
Likewise, data protection isn't the sole responsibility of the DPO; it is a shared responsibility across the organisation. There is a need for good internal handling. You need to resolve the situation with your data subjects quickly and amicably. PDPC should be the last to be called into the process.
2. New/revised guides published through PDPC, on the following topics:
• Data Protection Management Programme (DPMP)
• Data Protection Impact Assessment (DPIA)
• Data Protection Practices for ICT Systems
Revised guides on DPMP and DPIA
The PDPC has updated their “Guide to Developing a Data Protection Management Programme” to incorporate best practices in accountability to support organisations' personal data protection policies and processes.
One of the revisions is the switch from a 3Ps - policy, people, process - approach to a new four-step framework: governance and risk assessment policies, policies and practices, processes and maintenance.
The competency roadmap that PDPC introduced for DPOs is now included in the guide, which also makes clear that Data Protection Trustmark (DPTM) certification can be seen as part of maintenance or a form of an audit.
Find out how to create an effective Data Protection Management Programme through our course here.
The PDPC has also updated their “Guide to Data Protection Impact Assessments”, to align with new obligations under the updated Personal Data Protection
Already a member?
Unlock these benefits
Get access to news, enforcement cases, events, and actionable tips and guides
Get regular email updates and offers
Job opportunities, mentorship and career guidance
Exclusive access to Data Protection community - ask questions, network and share knowledge with peers and experts via WhatsApp and Linkedin
DPEX Network is a Community Initiative of Straits Interactive.
Copyright © Straits Interactive Pte Ltd. All Rights Reserved.
All intellectual property rights to logos and brands featured on this website remain the property of their respective owners.