The Personal Data Protection Act 2012 (PDPA) will come into effect on July 2, 2014 and is enforced and administered by the Personal Data Protection Commission.
What is the PDPA all about?
It’s a data protection law that sets the rules for governing the collection, use, disclosure and care of personal data.
Who needs to comply?
All organisations that ask for personal details of employees, donors, sponsors, volunteers, members and so on – including small, medium and non-profit entities – need to comply.
What data does the PDPA protect?
Any data that can identify the person – whether true or not – from the data collected, or from the data and other information to which the organisation is likely to have access. This data can be in electronic or non-electronic form, and would include personal particulars, medical, financial and educational records, and so forth.
What are some of the rules?
There are rules on the collection, use and disclosure of data, and subsequently the retention/access, and deletion/anonymisation of data.
What steps do I need to take?
The immediate task is to develop a Personal Data Protection Policy, and follow up with an operational process and procedure. Appoint a data protection officer to implement and ensure compliance.
Where can I go for help?
Visit the PDPC website at www.pdpc.gov.sg where you’ll find plenty of useful information and tools. Or contact them at 6508-7333 or firstname.lastname@example.org. At the same time, the General Conference will be providing a policy template for local churches to modify to their specific requirements, and is also negotiating with training providers for bulk discount classes.
Information above was sourced from the Personal Data Protection Commission (PDPC) website, www.pdpc.gov.sg, and from their published ad in The Straits Times on June 7, 2014.