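The Personal Data Protection Act (PDPA) is a law governing the collection, use, and disclosure of personal data by all private organizations in Singapore. The Act came into full effect on 2 July 2014.
Under Singapore law, companies that process personal data from Singapore are responsible for processing it lawfully. Transfers of personal data outside Singapore are regulated, and the PDPC is the main enforcement authority.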
As more and more companies adopt policies to be compliant and competitive, it is only a matter of time before companies of all shapes and sizes adopt data protection policies and work toward compliance.
To comply with the law, several steps need to be taken.
Step 1 – Appoint a Data Protection Officer
Foremost, in accordance with section 11 of the PDPA, companies need to appoint a Data Protection Officer. The data protection representative will help management develop policies, programs, and training for employees to comply with the PDPA. The DPO will also keep the management informed of changes to the regulations and issues on the ground.
Step 2 – Understand the PDPA obligations
Secondly, company founders and directors need to understand their obligations under the PDPA. Currently, there are 10 obligations with the latest one added on the 1st Oct 2022. With an understanding of the obligations, management can then have a better appreciation of the PDPA and the necessary actions to take.
Step 3 – Develop a data protection policy
Thirdly, section 12 of the PDPA requires companies to develop policies and processes to meet the obligations under the PDPA. These policies and procedures will form the baseline of personal data practices within the company. They would then need to be communicated to all staff to ensure compliance.
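Step 4 – Develop an information security policy
We now live in the information age.
Today, companies are increasingly adopting technology to digitalize and establish an online presence. The adoption of technology makes things more efficient and convenient. It also exposes us to cybercriminals who want to get something from us.
To stay secure and compliant, we adopt technology to help fulfil certain obligations under the PDPA. These technologies act as controls, providing protection, alerts, and audit trails for documentation purposes. It is therefore necessary to develop an information security policy to strengthen personal data protection practices within the organization.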
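Step 5 – Develop a data protection program
Without programs to support them, policies are just words on paper.
A personal data protection program should detail the tasks to be performed to ensure compliance. Creating a data inventory, understanding data flows, and identifying owners are the baseline of any data protection program. The program needs to cover specific areas such as consent, notification, personal data requests, personal data processing, complaints, and data breaches. Regular testing and rehearsals should be conducted wherever possible.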
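Step 6 – Employee awareness training
For employees to avoid becoming victims and to act as defenders of the organization, it is essential that they are familiar with company policies and best practices. Regular training and assessments are therefore needed to keep every employee vigilant.
Step 7 – Regular audits and updates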
Finally, as new threats and new ways of working emerge, there will be changes in the way we do things. Hence, regular audits are necessary to fine-tune any process. New discoveries need to be updated in the respective policies to keep them current and relevant.
Personal data regulations are not about to go away any time soon. In fact, their adoption by companies will increase. As companies become more aware of their obligations, they may require their business partners to implement PDPA-compliant policies and processes. Any failure to adopt such practices could result in a personal data breach on their end. The fallout may affect the companies that are the data controllers. This could lead to bad press, loss of revenue, and, for some, even the loss of their jobs.
If you need any help on your data protection journey, please leave us a message.