PERSONAL DATA PROTECTION ACT (PDPA)

1 Day – F2F | Webinar | In-house | Public
HRDCorp SBL Khas Claimable Module

OVERVIEW

This 1-day PDPA training course enable delegates to understand the legal requirements of compliance that apply to key areas of their daily working lives. The training is tailor-made with a practical focus on answering the day-to-day questions which may arise in relation to the participant’s organization handling of personal data and with trainer giving concrete examples.
The PDP Commissioner’s Office has further indicated the Commissioner’s intention to carry out inspections on data users that are not registered or not required to be registered under the PDPA, in order to ensure compliance with the general provisions of the PDPA as well as the minimum security, retention and data integrity standards set out under the Personal Data Protection Standards 2015.
In other words, the Commissioner is moving towards the enforcement phase of the PDPA, and will be closely monitoring all data users, whether registered or otherwise. This move has signalled that there will be more prosecutions from 2019 onwards especially with the proposed introduction of the Data Breach Notification in June 2019.
Companies ignoring the PDPA law will face stiff penalties under the Criminal Law with penalties ranging from RM 100,000 to RM 500,000 per offence and jail term.

LEARNING OUTCOME

By the end of the Personal Data Protection Awareness training course, participants will be able to:

Understand the application of the Personal Data Protection Act 2010 and its related offences as a result of non-compliance.
Reorganize the practices and process at the respective work areas to support data protection in line with Personal Data Protection Act 2010
Increase the data integrity and ensure business continuity without contamination and infringement.
Develop principles and mechanism to detect and prevent unauthorized management and dissemination of Personal Data.
Develop and execute a Risk Based Compliance Inspection Plan to protect personal data

METHODOLOGY

Interactive lectures, discussion, Q & A and Activities on all modules. Materials:

Participant Booklet softcopy
Personal Data Protection Act 2010 [Relevant sections]
Standards 2024
Compliance Audit Checklists -Organizational and Management Issues
Adequacy Audit Checklists
Process Audit Checklist

Features

Date

24th June, 2025
Time

8:30 Am – 6:00 Pm
Duration

1 Day
Venue

Crystal Crown Hotel PJ

Who Should Attend

Directors, Chief Executive Officers, Chief Financial Officers, Compliance Officers,
General Managers, Human Resource Managers, Marketing & Sales Managers
Business Entrepreneurs, Legal Advisor.
Delegates who handle personal data on a regular basis as part of their job functions from the following departments:
IT Legal & Compliance
Human Resources
Customer service
Internal Audit
Sales & Marketing
Accounting & Finance

Entry Fee

Webinar : RM 580.00

8 hours webinar
Certificate of attendance

F2F : RM 1800.00

1 lunch + 2 Coffee Break
Hotel location
PPT Presentation
Certificate of attendance.

In-house : RM 12,000 ( for min 9 persons max 20 persons)

8 hours in house
Training Need Analysis
Client office location
Certificate of attendance

DOWNLOAD BROCHURE

EMAIL US

WHATSAPP US

Itinerary

First Half Day

Module 1: Personal Data Protection Challenges At the Workplace

- The main Ingredients of PDPA 2022
- Understanding Section 6 and Consent
- Forms of Consent - Implicit/Validity/Explicit and how to be compliant
- Managing Consent - How to obtain/Who consents/The process and compliance
- Sensitive Personal data and consent
- Ten Challenges for PDPA in the Digital Economy
- Personal Data and Cloud computing
- Guidelines on understanding Purpose under Section 6 PDPA 2010.

Module 2: Transparency of Data Handling and the Right To Be Forgotten

- Primary duties of Data User under Section 7 PDPA 2010
- Data User subject to Audit and Inspection
- Due Diligence and role of Data User
- Statutory duties of Data User under PDPA 2010
- When must Notice be given
- Elements for Notice S.7 Compliance – How to collect / Means of sources / Disclosure to Third parties and rights of Data Subject
- Channels of communication – Best practice

Module 3: Issues and Implications of the Principles

- Disclosure Principle and guidelines on when you can refuse to disclose or partially disclose;
- Guidelines and understanding the Retention Principle and how it relates to Employees and former employees
- Guidelines on Disposal of Records as per Retention Principle - Reasons for destruction/Destruction Methods/documentation for disposal/Checklist
- Guidelines and understanding the Data Integrity Principle Access Principle and guidelines on how and when to grant excess to access requests.

A discussion on how the principles will be used in the compliance system of the company.

Module 4: Security Guidance and Privacy Impact Assessment This module looks at what constitutes a Personal data security breach and how such breaches can occur. It also considers how to avoid breaches, and the practical steps that should be taken when a breach occurs.

- Analysis of the Security Principle under Section 9 PDPA
- How security principle used in relation to Nature of Data / Location / Third Party Outsourcing / Measures
- Do’s and Don’ts of Data Security and Common Breaches as highlighted by MCMC / PDP office.
- Data Security Standard -Implementation and Compliance
- Assessing Risks and Impact
- Compliance with Inspection Requirements

Module 5: Commissioner and understanding powers under S.104 to S.109 PDPA 2010

- Powers of Investigations by PDP Officers'
- Penalties for Obstruction and search / seizure of data
- Criminal Offences and Liabilities under the PDPA 2010
- Punishment for contravention of the Act
- Offences by body corporate
- Contravention of the personal data protection principles
- Processing of sensitive personal data in contravention to Section 40
- Unlawful collection or disclosure of personal data
- Personal Data Protection (Compounding of Offences) Regulations 2016

Second Half Day

Module 6: A Risk Based PDPA Compliance

- Data Illegality
- Data Irregularity
- Untenable Data Support
- Data Leak and Abuse

CASE STUDIES ON BREACH

Creating a high level data map

- How to map this approach?
- Turning data map into a data register
- Reassurance and Risk
- Operationalize Data Protection, and keep it living
- identifying personal information to support the initial data map
- Data Protection Impact Assessment template

Compliance for Section 6

- Samples on Purposes for Section 6 and Guideline on how to draft the Purpose clause in documents
- Effect of Personal Data Protections Regulations 2013
- Drafting consent clause for marketing of products
- Sample clauses for withdrawal of consent
- Drafting caution into letters.

Compliance for Section 7

- Discussion on Drafting the Consent Notice for various categories of Business sectors
- Discussion on Drafting Consent Notice for Application forms/ Interview forms/ Confidentiality clauses on consent etc
- Drafting the Notice and understanding how to draft the purpose clause in the Notice
- Guidelines on different categories of Notices

Module 7: Compliance for The Personal Data Protection Standards 2015 [Mandatory]

- The Data Security Standard distinguishes between conventional and electronic data management and prescribes various security measures in relation to each.
- Data Retention Standard
- Data Storage Standards
- Data Integrity Standard
- Data Security Standard

Module 8: Data Governance Strategies

- Building awareness for all staff
- Organisational and Operational measures
- Benchmarking goals/objectives
- Documentation and Audit
- Implementation

Module 9: Updates 2024 – Proposed law to be introduced

- Data Breach Notification
- Details of the Data Breach
- Containment or Control measures
- Containing the Breach – Steps to take
- Notification procedure
- Format provided for DBN