The Amended PDPA: Practical Updates and Considerations for Professionals in Auditing, HR Management, Data Protection and Sales & Marketing

Interested in attending? Have a suggestion about running this course near you?
Register your interest now

Description

For information regarding CCH Learning Events Covid-19 Health and Safety Practices, please click HERE. 

Changes to the Personal Data Protection Act (PDPA) were passed in Parliament in November 2020. These include mandatory data breach reporting, changes to the use of consent for users, data portability right of consumers and increased penalties for offences in the Act amongst others.

Under the PDPA's "exceptions to the consent requirement", organisations can now use, collect or disclose data for legitimate interests, business improvement and research and development. This includes fraud prevention, improving products and services or conduct market research to understand current and future customers. These greatly expanded the range of situations to use your customers' personal data.

The  Personal Data Protection Commission (PDPC)  investigated 185 cases involving data breaches and issued 58 decisions in 2019.  It ordered 39 organisations to pay SG$1.7 million in penalties, including fining two entities for  SG$750,000 and SG$250,000, respectively.

The number of organisations breaching Singapore’s PDPA include finance (14 per cent), retail (14 per cent), volunteer welfare organisations (10 per cent), professional services (9 per cent), and food and beverage (9 per cent). Untrained employees, inadequate security controls and weak passwords were among the top 10 common causes of PDPA breaches.

This practical and timely workshop will assist HR professionals, auditors, information security professionals, nominated data protection officers and the like to navigate the new requirements . The workshop will also be useful to marketing professionals looking to increase their market size and depth especially those companies engaged in electronic commerce.

Programme Outline

• The obligation of companies managing the collection of personal data under the expanded deemed consent regime and the advantages that this new regime offers
• The new mandatory data breach reporting requirements including the new procedures needed and the new combined legal and technical thresholds for reporting data breaches
• The legal implications for companies acting as data intermediaries engaged in electronic commerce such as online sales and marketing
• Introduction to data security from a user’s perspective.

Exercise

Participants will be engaged in a hands-on exercise on updating their company’s policies for the above changes.

Expert Speaker

K. K. Lim
Head, Cybersecurity, Privacy and Data Protection
Eversheds Harry Elias LLP   

A well-recognised figure in the information security and legal technology fraternity, KK is often invited to speak on technology law, risk compliance and cybersecurity and data protection in conferences and forums. Prior to being called to the Singapore Bar, KK worked for both the public and private sectors such as the Singapore Government, PLCs listed in Singapore and New York in the fields of technology policy, market research and information security consulting and data privacy including being the Chief Privacy Officer (APAC) for a global healthcare research company.

KK has also published in Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP) and the inaugural chapter contributor to Global Privacy & Security Law, a publication of Wolters Kluwer.

KK holds a Bachelor of Arts in Government and Psychology (University of Texas at Austin), a Bachelor of Laws (Monash University), a Master of Laws (National University of Singapore), a Specialist Diploma in Information Systems Security (Temasek Polytechnic) and is a Certified Information Security Manager (CISM). He is a co - founding member of The Association of Information Security Professionals (AiSP)(Singapore) as well as its former Secretary.

In addition to being the current Chair of the Cybersecurity and Data Protection Committee of The Law Society of Singapore, KK is also a Consultant with the Institute of Systems Science (ISS), National University of Singapore and an Adjunct Faculty Member of the Singapore Institute of Technology.