What Else?

PDPA and privacy legal issues may arise in many scenarios and operational aspects of your organisation, including:-

  • Closed Circuit Television (CCTV) footages

  • Internet of Things devices, personal smart devices

  • Website forms collecting personal data

  • Website cookies collecting personal data

  • Photographs, videos, voice recordings taken at events or through devices such as drones

  • Collection or recording of NRIC for security purposes

  • Job search, recruitment, head hunting, employment

  • Research, focus groups, surveys, studies

  • Electronic payment methods including swiping of cards, mobile payments and online payment processing

  • Cloud hosting, Big Data, etc.

  • Charities, social services, voluntary welfare organisations (VWOs), volunteer management

  • Social media, marketing and event planning & management

  • Medical and healthcare, referral of patients, external / allied care providers, medical research, laboratory testing services

  • Education and co-curricular activities service providers, parent group, alumni group, overseas exchange, research

  • Finance industry, banking, financial advisory, insurance

  • Real estate agents

  • F&B, restaurants, cafes, reservations

  • MCSTs, managing agents

  • Logistics and delivery

If you think you are not yet PDPA compliant, you should consider the following steps:

  1. Appoint a Data Protection Officer (DPO). He/she may be a staff or an external professional.

  2. Send the DPO for PDPA training.

  3. Conduct a privacy impact assessment to determine the PDPA issues your operations entail.

  4. Draft a privacy policy for external parties.

  5. Draft and implement a personal data internal policy / handbook / standard operating procedure (SOP).

  6. Draft and incorporate standard forms and clauses.

  7. Train employees on personal data policies and procedures.

  8. Register an account with the Do Not Call Registry if you conduct telemarketing. Check registry before telemarketing campaign.

  9. Liaise with vendors and contractors regarding PDPA compliance (if necessary).

  10. Liaise with client to notify purpose and obtain consent (if necessary).

Should you require advice on specific queries regarding your obligations under the PDPA, please do not hesitate to contact us.

You may wish to check out our products and services which will help you be PDPA compliant and ready.