All companies are responsible for the personal data that is under their care and control. To regulate the data and ensure compliance with the PDPA’s requirements, companies need to appoint one or more individuals as Data Protection Officer (DPO) to be responsible for handling such matters. Under this Act, the appointment of DPOs is mandatory. More information about the PDPA can be found on their website here.
Roles of a DPO
Generally, the role of the DPO is to ensure that the company’s policies and practices in relation to personal data comply with the Act’s requirements. If done correctly, the DPO may turn data protection into a competitive advantage for the company, which can lead to building trust with clients and business partners. The DPO can be an individual or a team within the company, or an externally appointed third party.
Responsibilities of a DPO
- Ensure the company’s data protection policies comply with the PDPA
- Introduce and promote a culture of healthy data management habits among staff
- Share data protection policies with staff, clients and business partners
- Be the point of contact for any data protection queries, feedback and complaints
- Highlight any risks regarding personal data to the management
For more information about DPOs, click here.
Registering your DPO
You may have received the following email from the government asking you to register your company’s DPO via the Accounting and Corporate Regulatory Authority (ACRA)’s BizFile+.
What happens if there is a breach of personal data?
In spite of the company’s best efforts to enforce measures for data protection and security, such as implementing and/or enhancing IT security systems with antivirus software and firewalls, there may be instances where a breach could happen. Companies found guilty of breaching any of the PDPA regulations can face financial penalties depending on the breach that has occurred. Do note that penalties are imposed on the company and not on the DPOs.
- - -
For us, we would encourage our clients to lodge their DPO’s details in BizFile+. By doing so, our clients satisfy the requirement as set out in the PDPA.
Being compliant means that you are being more transparent to regulators, clients as well as your business partners when it comes to the data you are storing. They will feel at ease knowing that their data is stored safely and securely, thus instilling trust and brand loyalty.