Module 1: Personal Data Protection Challenges At the Workplace

• The main Ingredients of PDPA 2010
• Understanding Section 6 and Consent
• Forms of Consent -Implicit/Validity/Explicit and how to be compliant
• Managing Consent -How to obtain/Who consents/The process and compliance
• Sensitive Personal data and consent
• Ten Challenges for PDPA in the Digital Economy
• Personal Data and Cloud computing
• Guidelines on understanding Purpose under Section 6 PDPA 2010.

Module 2: Transparency of Data Handling and the Right To Be Forgotten

• Primary duties of Data User under Section 7 PDPA 2010
• Data User subject to Audit and Inspection
• Due Diligence and role of Data User
• Statutory duties of Data User under PDPA 2010
• When must Notice be given
• Elements for Notice S.7 Compliance – How to collect / Means of sources / Disclosure to Third parties and rights of Data Subject
• Channels of communication – Best practice

Module 3: Issues and Implications of the Principles

• Disclosure Principle and guidelines on when you can refuse to disclose or partially disclose;
• Guidelines and understanding the Retention Principle and how it relates to Employees and former employees.
• Guidelines on Disposal of Records as per Retention Principle - Reasons for destruction/Destruction Methods/documentation for disposal/Checklist
• Guidelines and understanding the Data Integrity Principle
  Access Principle and guidelines on how and when to grant access to access requests.

A discussion on how the principles will be used in the compliance system of the company.

Module 4: Security Guidance and Privacy Impact Assessment
This module looks at what constitutes a Personal data security breach and how such breaches can occur. It also considers how to avoid breaches, and the practical steps that should be taken when a breach occurs.

Key aspects of this module include:

• Analysis of the Security Principle under Section 9 PDPA
• How security principle used in relation to Nature of Data / Location / Third Party Outsourcing / Measures
• Do’s and Don’ts of Data Security and Common Breaches as highlighted by MCMC / PDP office.
• Data Security Standard -Implementation and Compliance
• Assessing Risks and Impact
• Compliance with Inspection Requirements

Module 5: Commissioner and understanding powers under S.104 to S.109 PDPA 2010

• Powers of Investigations by PDP Officers
• Penalties for Obstruction and search / seizure of data
• Criminal Offences and Liabilities under the PDPA 2010
• Punishment for contravention of the Act
• Offences by body corporate
• Contravention of the personal data protection principles
• Processing of sensitive personal data in contravention to Section 40
• Unlawful collection or disclosure of personal data
• Personal Data Protection (Compounding of Offences) Regulations 2016

Module 6:

• A Risk Based PDPA Compliance
  • Data Illegality
  • Data Irregularity
  • Untenable Data Support
  • Data Leak and Abuse

• CASE STUDIES ON BREACH
  Creating a high-level data map
  • How to map this approach?
  • Turning data map into a data register
  • Reassurance and Risk
  • Operationalise Data Protection, and keep it living
  • identifying personal information to support the initial data map
  • Data Protection Impact Assessment template

Compliance for Section 6

• Samples on Purposes for Section 6 and Guideline on how to draft the Purpose clause in documents
• Effect of Personal Data Protections Regulations 2013
• Drafting consent clause for marketing of products
• Sample clauses for withdrawal of consent
• Drafting caution into letters.

Compliance for Section 7

• Discussion on Drafting the Consent Notice for various categories of Business sectors
• Discussion on Drafting Consent Notice for Application forms/ Interview forms/ Confidentiality clauses on consent etc
• Drafting the Notice and understanding how to draft the purpose clause in the Notice
• Guidelines on different categories of Notices

Module 7: Compliance for The Personal Data Protection Standards 2015 [Mandatory]

• The Data Security Standard distinguishes between conventional and electronic data management and prescribes various security measures in relation to each.
• Data Retention Standard
• Data Storage Standards
• Data Integrity Standard
• Data Security Standard

Module 8: Data Governance Strategies

• Building awareness for all staff
• Organisational and Operational measures
• Benchmarking goals/objectives
• Documentation and Audit
• Implementation

Module 9: Updates 2019 – Proposed law to be introduced

• Data Breach Notification
• Details of the Data Breach
• Containment or Control measures
• Containing the Breach – Steps to take
• Notification procedure
• Format provided for DBN

• Directors
• Chief Executive Officers
• Chief Financial Officers
• General Managers
• Human Resource Managers
• Compliance Officers
• Marketing & Sales Managers
• Business Entrepreneurs, Legal Advisor.
• Delegates who handle personal data on a regular basis as part of their job functions from the following departments:
  • IT Legal & Compliance
  • Human Resources
  • Customer service
  • Internal Audit
  • Sales & Marketing
  • Accounting & Finance