Page 1 of 78
Introduction to Singapore Personal Data Protection Act
Overview of the Personal Data Protection Act
What is Data Protection?
What is the Personal Data Protection Act (PDPA)?
Oversight of the PDPA
Provisions of the PDPA
The need for the PDPA?
What is Personal Data?
Types of Personal Data?
Personal Data relating to more than one individual
Personal Data Exclusions
What is business contact information
Business contact information
Data Protection Provisions
Do Not Call (DNC) Registry Regulation
What date does the Personal Data Protection Act come into full force?
How many main sets of provisions does the PDPA contain?
The PDPA establishes a _________ of standards for the protection of personal data, in both electronic and non-electronic format, and regulates the use of this personal data.
Collection, Use and Disclosure of personal data
Definition - Individual
Data Collection Concepts under the PDPA
Active and Passive data collection
Reasonableness of data collection
Organisations and Deemed Consent
Third Party Consent
Withdrawal of Consent
Organisations and the withdrawal of Consent
Care of Personal Data
Accuracy of personal data
Access to Personal Data
Access to Data Exceptions
Publicly available data
Access to Personal Data?
Correction of Personal Data ?
Target personal data loss
Organisations must ensure the following when making decisions to request personal data
Which of the following is NOT considered a method of obtaining consent
Karen attends a reception and writes her name in the unattended guestbook placed near the entrance.
This is an example of___________ Data.
Do Not Call
PDPA and DNC
Three DNC Registers
DNC Marketing Obligations
Consent and the DNC Register
Locations of sender and recipient
Example of how location impacts DNC
Will the DNC Registry cover overseas telemarketers?
Withdrawal of Consent
DNC – getting it wrong
Which of the following is NOT one of the three Registers on the DNC Registry?
The “prescribed duration” within which a person must check with the DNC Registry before sending a specified message to a Singapore telephone is (sent before 1 August 2014):
_______ are not included within the scope of the DNC Registry as it is expected that unsolicited emails are able to be blocked through email filters.
Compliance with the Act?
Data Protection Officer
Barclays data loss
An organisation is responsible for _____ in its possession or under its control.
An organisation is required to create policies and procedures designed to comply with _____
Data protection is the responsibility of ______
When does the DNC provision apply for a Singapore mobile?
A to z