Personal data protection has never been so important.
Since the dawn of the Internet, some people say that data has become the new currency, and that whoever possesses the right curated data can gain access to almost anything and almost rule the world, or so they say.
Privacy and personal data protection have been around for a long time, since the Universal Declaration of Human Rights. However, in May 2018, the General Data Protection Regulation (GDPR) was passed in the European Union (EU) to cover all matters of personal data protection. It is undoubtedly one of the greatest personal data protection developments in history. Personal data protection laws are also being enacted all over the world, and Singapore is no exception. The Personal Data Protection Commission (PDPC) was formed to enforce the Personal Data Protection Act (PDPA) in Singapore.
These data protection laws were put in place to protect the personal data of individuals like you and me, so that it will not be used fraudulently or for the wrong reasons. Thus, there are strict penalties for organisations that breach data protection laws. A breach of the PDPA can result in a maximum fine of S$1 million, and it was enforced on SingHealth and Integrated Health Information Systems (IHIS) in 2019. Under the scope of the PDPA, all organisations in Singapore must comply with the PDPA.
These are the first steps an organisation can take to begin its journey towards compliance with local data protection legislation. Although these 5 simple steps will not make the organisation compliant (yet), they will certainly help to raise its data protection posture, or at least get it started if it has not already begun personal data protection practices. You can speak to us to discuss further.
Step 1: Appoint a Data Protection Officer
Every organisation should appoint a Data Protection Officer (DPO) to look into all data protection matters. Organisations that operate in Singapore need to appoint a DPO to comply with the accountability obligation of the PDPA. The DPO will be the most appropriate person to look into the following steps described here.
Step 2: Be Aware of Personal Data held by the organisation
Most businesses that hold inventory spend time taking care of it. Stock takes are essential to the business, as it needs to know what is in the warehouse, what is ready to be sent out, what is expiring, what else is needed and more. The same concepts apply to data protection. Like physical inventory, data has to be protected as well, especially personal data, because in several countries, like Singapore and those in the EU, there are heavy fines in the event of breach and non-compliance.
Step 3: Create Data Protection Policies and Practices
Having data protection and personal data protection policies and practices is an important step towards being compliant. Without proper policies and practices, there will be no guiding principles for how the organisation handles data; only with a documented set of procedures and practices will employees know what to do and how to do it.
Step 4: Defend Personal Data in the Organisation
Enforcement of data protection laws can result in hefty fines. In Singapore, among the most common enforcement cases are those involving organisations that fail to protect personal data in their possession, resulting in, yes, fines. Therefore, organisations need to protect all personal data that they hold, and some data is more sensitive than other data. Discuss with a data protection officer or advisor to find out more.
Step 5: Educate employees to implement Data Protection practices
Educating employees is one of the most effective ways to ensure compliance, because it is often the employees who handle data, and a failure to protect data can result in breaches and, subsequently, possible fines. Only with continued education can employees appreciate the importance of personal data protection and of compliance with company policies and practices.
Below is a summary of 5 steps an organisation can take to start being compliant. Data protection is important and is enforced in some countries. Personal data protection compliance is a journey and not something that happens in a day. Thus, it is imperative that business owners take the first steps to be compliant. Do speak to us for more tips.
5 Steps an Organisation can take to Begin the Data Protection Compliance Journey
1. Appoint a Data Protection Officer
2. Be aware of Personal Data held by the organisation
3. Create Data Protection Policies and Practices
4. Defend Personal Data in the Organisation
5. Educate employees to implement data protection practices
First Steps to begin Your Data Protection Compliance Journey – How can I be PDPA Compliant?