Complying with Personal Data Protection Laws:
Do you have Clarity on Regulatory Requirements?
European Union’s (EU) General Data Protection Regulation (GDPR) came into force on 25 May 2018 and its extra-territorial effect requires Singapore organisations not established in EU to comply or risk a maximum fine of up to 4% of the global annual turnover or €20,000,000, whichever is higher.
With Singapore’s Personal Data Protection Act (PDPA) in full effect since 2014, how does the GDPR matchup with the PDPA? Who does the GDPR apply to? Most importantly, what measures must Singapore businesses take to comply with both laws?
Join this 1-day event to attain a comprehensive understanding of the compliance requirements of EU’s GDPR and Singapore’s PDPA. Examine the similarities and differences between both laws in relation to data collection, use, disclosure, protection of obligations, rights of individuals, cross border transfer and other regulatory requirements. Acquire practical tips for compliance with both laws including what to do in the event of a data breach. Find out what are the special considerations when using personal data for marketing purposes and dealing with vendors.
Benefits of Attending
- Discover how the GDPR and PDPA apply to your organisation and key areas to take note of
- Gain clarity on guidelines issued by PDPC and regulations set out by the EU Member States
- Determine how to shape your company’s processes and policies in order to comply with guidelines
- Examine case studies of measures businesses are taking to comply with personal data protection laws
- Find out what are the critical pitfalls to avoid and lessons learnt when dealing with a data breach
- Pick up tips on data protection impact assessments and developing a data protection management program
- Learn the dos and don’ts in securing electronic personal data and disposal of physical personal data
- Identify areas to look out for when vendors have access to personal data in your company’s control
- Understand how to obtain consent for marketing purposes under the GDPR and PDPA
- Evaluate critical areas to look out for in agreements relating to processing of personal data
Woon Chooi is a partner in Dentons Rodyk & Davidson LLP’s Intellectual Property & Technology practice. She has several accolades to her name and is recognised as a leading IP practitioner.
Woon Chooi is also one of the lead partners in Dentons Rodyk providing advice on personal data protection, data privacy and cyber security issues. When Singapore introduced its Personal Data Protection Act in 2014, she developed comprehensive compliance programmes to assist organisations to comply with the data protection law.
She has advised clients in many sectors, including banking, insurance, retail, food and beverage, hospitality, real estate, healthcare, labour, technology, telecommunications, manufacturing and the public sector. She has also advised clients on the adoption of strategies which are compliant with data privacy and protection laws across multiple jurisdictions, including the General Data Protection Regulations (GDPR) applicable in the European Union.
Woon Chooi has also advised clients from both the private and public sectors on the management of data breaches.
– Co-Author, “Personal Data Protection Act – Need to document Data Protection Policies and Practices”, Dentons Rodyk Reporter, May 2018 (Singapore: Dentons Rodyk & Davidson LLP, 2018)
– Author, “EU’s General Data Protection Regulation (GDPR) and what it means for Singapore organisations”, Dentons Rodyk Reporter, April 2018 (Singapore: Dentons Rodyk & Davidson LLP, 2018)
– Author, “NRIC and Data Protection – Why businesses should review their practice of collecting and using NRIC”, Dentons Rodyk Reporter, January 2018 (Singapore: Dentons Rodyk & Davidson LLP, 2018)
– Author, “Personal Data Protection Act – Obligation to protect and secure data, and what to do in case of breach”, Dentons Rodyk Reporter, February 2017 (Singapore: Dentons Rodyk & Davidson LLP, 2017)
– Author, “Personal data protection – Prohibition on transfer of data out of Singapore”, Dentons Rodyk Reporter, October 2016 (Singapore: Dentons Rodyk & Davidson LLP, 2016)
– Co-author, “Personal Data Protection Commission Releases New Guides”, IP Edge, October 2015 (Singapore: Rodyk & Davidson LLP, 2015)
– Co-author, “Legislation Update – Personal Data Protection Act 2012*”, Rodyk Reporter – IP Edge, June 2014 (Singapore: Rodyk & Davidson LLP, 2014)
– Author, “Personal Data Protection Act – Compliance Programme”, Rodyk Reporter – IP Edge, March 2013 (Singapore: Rodyk & Davidson LLP, 2013)
– Author, “The Computer Misuse Act And Cyber Attacks”, Rodyk Reporter – IP Edge, March 2013 (Singapore: Rodyk & Davidson LLP, 2013)
Who Should Attend
Senior Level Executives responsible for Legal, Compliance, Internal Audit, IT, Data Security
Registration & Morning Coffee
Session 1: Overview of Singapore’s Personal Data Protection Act (PDPA) and the European Union’s General Data Protection Regulation (GDPR)
- Extra-territorial effect of both laws
- Examine the similarities and differences
- Basis for collecting/using/disclosing data
- Protection/retention of obligations
- Rights of individuals
- Prohibition on transfer of data out of the territory
- Regulatory requirements
- Practical tips for compliance with both laws
- Case studies
- What to do in the event of a data breach
Lunch & Networking Break
Session 2: Discussion of Selected Guidelines Issued by Personal Data Protection Commission (PDPC)
- Guide to Data Protection Impact Assessments
- Guide to Developing a Data Protection Management Program
- Guide to Securing Personal Data in Electronic Medium
- Guide to Data Sharing
- Guide on Building Websites
- Guide to Disposal of Personal Data on Physical Medium
Recent guidelines on the use of NRIC Numbers: Impact and implications
Afternoon Refreshments & Networking Break
Session 3: Special Considerations When Using Personal Data for Marketing Purposes and Dealing with Vendors
- Do Not Call Registry
- Obtaining consent for marketing purposes
- Sharing data with vendors and what to watch out for
- Agreements relating to processing of personal data
Concluding Insights & End of Event