September 29, 2020

PDPC creates guide focusing on accountability in managing personal data

The Personal Data Protection Commission (PDPC) has released a new Guide to Accountability for managing personal data. It was presented by Mr Tan Kiat How at the IAPP conference on July 15.

The guide was created to better support organisations in developing accountable data protection practices.

Organisations must shift from compliance mindset to accountability mindset
Guide covers accountability within organisation, in industry and in enforcement

The Guide to Accountability introduces the concept of accountability in the context of personal data protection. It covers accountability in three broad areas.

The first is within an organisation, the second within the industry and the third in enforcement. The guide includes examples and resources that organisations may use to translate accountability concepts into practical steps they can adopt.

Organisations should focus on Policy, People and Process

Aside from the compulsory PDPA regulations, the commission suggests that organisations should consider further accountability measures, which can be categorised under Policy, People and Process.

When it comes to company policy, the commission suggests that accountability measures should include embedding personal data protection into corporate governance through the involvement of senior management, and developing and communicating personal data protection policies clearly, both internally and externally.

Under People, the Guide highlights the importance of encouraging responsible personal data protection values in every employee. This could be done through training and development, encouraging data protection to be part of company culture.

Under Process, the Guide highlights that accountable organisations should put in place proper processes to operationalise their data protection policies throughout the data lifecycle and across their business processes, systems, products and services.

Updates to the Personal Data Protection Act

PDPC has also updated its Advisory Guidelines on Key Concepts in the Personal Data Protection Act (PDPA) to provide clarification on the relevant PDPA obligations and measures for accountability in personal data protection. This reflects the developments in data protection and supports the shift towards accountability in a Digital Economy.

Organisations may find it useful to refer to accountability tools that PDPC has introduced, such as the Guide to Data Protection Impact Assessment (DPIA), the Guide to Data Protection by Design for ICT Systems and the Guide to Managing Data Breaches 2.0.