Applying Personal Data Protection Act (PDPA) in a Business Environment


Course introduction

Since the enactment of the PDPA, many organisations have undergone investigations and were fined by the Personal Data Protection Commission (PDPC). Not only can PDPC fine an organisation for non-compliance to the PDPA, but they can also put a stop order to restrict the further collection of personal data or even issue a court order to destroy all personal data in the possession of an organisation in a severe case of non-compliance. 

It is of utmost importance that key stakeholders, managers, supervisors, as well as personnel in-charge of handling personal data,  are trained and aware of the importance of adhering to the provisions of the PDPA to avoid complaints, remedial actions and non-compliance.

Course Benefits

Key Takeaways

  • Understand the obligations of PDPA
  • Understand the role of a Data Protection Officer
  • Identify areas of non-compliance in the organisation
  • Learn how to manage complains relating to PDPA
  • Do up a Data Information Map of an organisation
  • Learn how to manage complains relating to PDPA
  • Understand what to do when a breach is detected

Target Audience

Who should attend:

  • Data Protection Officers
  • Managers and Department Heads
  • Personnel directly involved in handling personal data

Course Outline

Module 1: Introduction to PDPA

  • Objectives of the Data Protection
  • Key Terms
  • Anti-Spam Law & Do Not Call Registry
  • Who are exempted from PDPA
Module 2: Anti-Spam Act and Do Not Call Provisions
  • Do Not Call Provisions
  • DNC Registry Specified Message and Examples
  • Exemption Order
  • DNC Operational Rules
  • Spam Control Act
Module 3: Data Protection Provisions
  • 9 Obligations
  • Consent Obligation
  • Purpose Limitation Obligation
  • Notification Obligation
  • Access & Correction Obligation
  • Accuracy Obligation
  • Protection Obligation
  • Retention Limitation Obligation
  • Transfer Limitation Obligation
  • Openness Obligation
Module 4: Create an Organisations Data Inventory Map
  • What is a DIM and How to Create One for the Organisation
  • Example of a DIM 
  • Identify any area of non-compliance in your organisation
Module 5: Roles of Data Protection Officer (DPO)
  • Appointment of DPO 
  • Possible Roles of a DPO 
  • Reporting Structure of DPO
Module 6: Managing Complaints regarding PDPA
  • Typical Complaint Handling Process
  • What to Consider When Developing Process for Handling Complaints Relating to Data Protection
  • Example of Complaint Handling Process Relating to Data Protection
Module 7: Staff Training and Communications
  • Set Training Objectives
  • Considerations to Training and Communications of Staff
  • Example of a Training and Communications Plan
Module 8: Guidelines for Handling NRIC
  • When are we authorised to check a person’s NRIC
  • When can we retain a person’s NRIC
  • Alternatives to collecting NRIC numbers

Case Study


Available Course Sessions

Please click here to stay updated on upcoming sessions.

Trainer Profile

Alvin Quah

Alvin Quah graduated with a Bachelor Accountancy degree from Nanyang Technological University. He first taste of training was with an IT company in 2000 when he was a software consultant. Since then, he has been passionate about training.

He has also conducted seminars on change management for fast-moving consumer goods, banks and large telecom companies in Singapore. He also offers certification courses to certify NLP practitioners, NLP coaches, TimeLineTherapy® practitioners and team building mentoring courses.

Alvin is a registered member of ABNLP (American Neurolinguistic Programming Council), TLT (TimeLine Therapy® Association) and Master Team Trainer registered with the International Team Building Association (ITBAS).