PERSONAL DATA PROTECTION ACT 2010 / STANDARDS 2015 AND IMPLEMENTING COMPLIANCE
Duration: 2 Days
Introduction
This 2-day PDPA training course enables delegates to understand the legal requirements of compliance that apply to key areas of their daily working lives.
The Malaysia Communication and Multimedia Commission [MCMC] is the governing body for ensuring that companies are in compliance with the Personal Data Protection Act 2010. The Commissioner has, for the first time, issued Personal Data Standards in 2015 for companies to maintain, and they are part of the law.
The Commissioner has further tightened the Standards 2015 by enforcing the Regulations under Section 132 by passing the Personal Data Protection (Compounding of Offences) Regulations 2016. This move has signaled that there will be more prosecutions from 2016 onwards.
Companies ignoring the PDPA law will face stiff penalties under the Criminal Law, with penalties ranging from RM100,000 to RM500,000 per offence and a jail term.
Benefits
This seminar is to educate participants on the legal and practical know-how that will be necessary to implement the law and to comply with the PDPA.
Upon completion of this program, participants will be able to:
- Understand how to process Personal Data
- Know when to disclose Personal Data and understand the idea of Consent
- Conferring to Contractual Obligations of Third Parties
- Prepare their documentation, records, policies and procedures in compliance with the PDP law.
MODULE 1- DATA PROTECTION AT THE WORKPLACE
Discussion On The Overview Of Personal Data Protection Act 2010
This Module Will Look At How To:
- Appreciate Who And What Is Covered By Personal Data Protection Rules
- Understand The Organisation’s Policy And Aims On Personal Data Use
MODULE 2- NOTICE AND CHOICE PRINCIPLE
How Do You Seek Consent And Exemptions To Consent?
- Guidelines On Understanding Purpose Under Section 6 PDPA 2010
- Guidelines On Consent For Sensitive And Non Sensitive Personal Data
- Recognise When, And For What Purpose Staff / Customer Data May Be Used
- Questions To Ask When Collecting Data
Exercises And Presentation On Section 6 & Section 7 Compliance Will Be Carried Out
MODULE 3- COMPLIANCE: THE WHAT, WHEN AND HOW
- What & When Do Companies Need To Do In Order To Comply?
- How Do Companies Set Up An Effective Compliance Framework?
MODULE 4- ISSUES AND IMPLICATIONS OF THE PRINCIPLES
- Disclosure Principle And Guidelines On When You Can Refuse To Disclose Or Partially Disclose
- Retention Principle In Relation To Employees And Former Employees
- Data Integrity Principle & Access Principle
- Outsourcing To Data Processors And The Data Processing Contractual Obligations
- Potential Privacy Risks To Organisations
- Case Study On Personal Data Issues And Impacts
Exercises And Presentation On Section 8, Section 10 & Section 11 Compliance Will Be Carried Out
MODULE 5- THE PERSONAL DATA PROTECTION STANDARDS 2015
- The Data Security Standard [Electronic & Manual]
- Data Retention Standard
- Data Storage Standards
- Data Integrity Standard
Exercises And Presentations On Implementation For Compliance Of 2015 Standards Will Be Done
MODULE 6- HUMAN RESOURCE DEPARTMENT AND PDPA PRINCIPLES
- For Human Resources Departments, Key Areas Discussed
- Ensuring That The Recruitment And Selection Process Meets Legal Requirements
- Dealing With Staff Information Requests – What Must Be Disclosed And Can Be Withheld
- Disclosing Staff Information To Outside Third Parties – The Legal Requirements That Must Be Met Before Staff Information Can Be Sent Outside The Organisation
- References And The Rights Of Ex-Members Of Staff
- Monitoring Staff Activities And Communication Including Using Managers, CCTV Cameras And Website Technologies
- Provisions To Be Included In Third Party Security Contracts As Required By The 2015 Standards
- Legal Advice On What And How To Ensure Company Documentation Is In Compliance Will Be Carried Out
MODULE 7- SECURITY GUIDANCE
What Constitutes Personal Data Security Breach And How Such Breaches Can Occur And Can Be Avoided
Key Aspects Of This Module Include:
- Analysis Of The Security Principle Under Section 9 PDPA
- Managing Information Security Focus On Media Devices & Cloud Computing
- Data Security Standard – How To Implement
- Understanding Risks To Personal Information In Various Industries Like Sales & Marketing, ICT, Service Industry, Hospitality & Education Sectors Etc
- Knowing What To Do In The Event Of A Data Protection Breach
Exercises And Presentation On Response Plan, Section 9 And Risk Management
MODULE 8- CRIMINAL OFFENCES AND LIABILITIES UNDER THE PDPA 2010
- Punishment For Contravention Of The Act
- Offences By Body Corporate
- Contravention Of The Personal Data Protection Principles
- Processing Of Sensitive Personal Data In Contravention To Section 40
- Unlawful Collection Or Disclosure Of Personal Data
- Personal Data Protection (Compounding Of Offences) Regulations 2016