Cheatography
https://cheatography.com
DDP Cheat Sheet - Topic 4
Fundamentals of PDPA
WHAT | SG's data privacy regulation, used to govern the collection, use, disclosure and care of personal data and to regulate telemarketing practices through the Do Not Call registry
WHY | Encourage business innovation while ensuring personal data protection, and strengthen SG's position as a trusted hub for businesses
WHO | Individuals → protect personal data; Organisations → use and disclose data for legitimate purposes. Does not apply to the public sector, which has separate rules under the govt
WHERE | Has extraterritorial effect and is applicable to orgs collecting, using or disclosing personal data in Singapore, regardless of the organization’s physical presence or where it was incorporated
COST | 10% of an organization’s annual turnover in Singapore or SGD 1 million, whichever is greater; reputational damage
Collection of Personal Data
Notification | Notify individuals of the purposes for which the organisation intends to collect, use or disclose their personal data
Consent | Personal data may be collected, used or disclosed only after consent has been given by the individual
Purpose Limitation | Personal data may be collected, used or disclosed ONLY for purposes that are reasonable for providing the organisation’s product or service
Care of Personal Data
Accuracy | Organizations should ensure that the personal data collected is accurate and complete
Protection | Organizations should put in place the required security measures to protect personal data to prevent unauthorized access
Retention Limitation | Organizations should cease retention of personal data or dispose of it in a proper manner
Transfer Limitation | Ensure that the standard of protection is comparable to the PDPA when transferring personal data to another country
Individual’s Autonomy over Personal Data
Access and Correction | Individuals have the right to request access to their personal data and correction of their personal data
Data Breach Notification | In the event of a data breach that is likely to result in significant harm to individuals, or is of significant scale, the PDPC and the affected individuals need to be notified
Data Portability | At the request of the individual, organisations are required to transfer the individual’s data to another environment