Personal Data Protection Act and its Practical Applications

Objectives

At the end of this workshop, the participants will be able to:

  1. Understand what is the Personal Data Protection Act(PDPA).
  2. Understand the 9 Key Obligations.
  3. Know the meaning of Employment under the PDPA.
  4. Understand the meaning of personal data and its application on employment relationship.
  5. Understand the nine key obligations and its bearing on employment relationship.
  6. Understand the process of collection of personal data by HR practitioners.
  7. Know the duties of HR practitioners in relation to personal data of job applicants and employees.
  1. Understand the role of HR Practitioners in custodian and managing of personal data.

Content :

  1. Introduction to Personal Data Protection Act (PDPA)
  • Objectives of the data protection regime.
  • Definition of business contact information, individual and organisation, data intermediary ( outsourced payroll vendor ).
  1. Meaning of Employment under PDPA

Definition of organisation

Definition of employment agency

Differences between organisation and employment agency in relation to personal data.

  1. Meaning of Personal Data and its application on employment relationship.

  1. The 9 Key Obligations under PDPA and its bearing on HR practitioners:
  • Consent Obligation
  • Purpose Limitation Obligation
  • Notification Obligation
  • Assess and Correction Obligation
  • Accuracy Obligation
  • Protection Obligation
  • Retention Limitation Obligation
  • Transfer Limitation Obligation
  • Openness Obligation

  1. Collection of personal data by HR practitioners:

i)          What constitute to be consent given by job applicants.

ii)        What constitute to be deemed consent by job applicants.

iii)      Under what circumstances where HR practitioners need not seek consent from job applicants:

  • Personal data publicly available by HR practitioners
  • Investigation or proceedings conducted by HR practitioners and its bearing on employees.
  • Usage of personal data by HR practitioner for evaluative purposes.
  • Document produced in the course of employment.
  • Need by HR practitioners for the managing and terminating employment.
  • Business asset transaction as required in due diligence context by HR practitioners.
  • Circumstance whereby HR practitioners need to release personal data to the proper authority.

iv)      Withdrawal of consent by employees

v)        Access to personal data by HR practitioners

vi)      Use of personal data by HR practitioners

vii)    Under what circumstances must HR practitioners need to disclosure of personal data?

viii)  Accuracy of personal data furnished by HR practitioners.

ix)      Protection of personal data as required by HR practitioners.

x)        Retention of personal data as required by HR practitioners.

xi)      Liability for breach of personal data by HR practitioners and its bearing on office bearers.

  1. HR Practitioner and its duties governing PDPA

  • Taking the role of Data Protection Officer ;
    • Developing good policies for handling personal data in electronic and/or manual form, that suit your organisation’s needs and comply with the PDPA;
  • Communicating the internal personal data protection policies and processes to customers, members and employees;
  • Handling queries or complaints about personal data from customers, members and employees;
  • Alerting your organisation to any risks that might arise with personal data; and
  • Liaising with the PDPC, if necessary.


7. HR Practitioners as custodian and managing of personal data.

  • Set out how the personal data in custody may be well-protected.
  • Classify the personal data to better manage housekeeping.
  • Set clear timelines for the retention of the various personal data and cease to retain documents containing personal data that is no longer required for business or legal purposes.
  • For the transfer of personal data overseas, include the use of contractual agreements with the organisations involved in the transfer to provide a comparable standard of protection overseas.