Singapore’s Personal Data Protection Commission (PDPC) has been busy. It has just published a number of new resources to help businesses comply with the Personal Data Protection Act. Here are the three we have identified as having the biggest practical application for companies in Singapore:
- Sample clauses and guidance for marketing consents. For companies collecting data for marketing purposes, these standard clauses will help. They cover a broad range of scenarios, including consent in the context of membership applications and lucky draws, and language for the withdrawal of consent. The PDPC has also published some guidance to support the sample clauses.
- Guide to securing data “in electronic medium”. For organisations which store data in an electronic format (so, pretty much everyone), these guidelines list certain specific IT security measures that can be implemented to enhance security, split into “good practice” and “enhanced practice”.
- Guide to managing data breaches. The PDPC has published a step-by-step guide to managing data breach situations, from development of a data breach management plan through to containing the breach, assessing the risk and impact, reporting the incident (including a requirement that the PDPC should be notified of breaches, particularly those involving sensitive data) and preventing future breaches.
Of course, none of the tools above represent an automatic route to compliance and the required approach will differ from one organisation to the next. Nonetheless, the growing pool of resources from the PDPC now covers a broad range of practical measures that organisations should now be implementing. It also underlines the PDPC’s strategy of being a business-friendly data protection regulator, in line with Singapore’s mission of becoming the world’s first smart city and the data processing hub for South-East Asia.