This workshop PDPA for HR practitioners as the name implies is meant for HR practitioners only. Unlike, the two days’ WSQ, PDPA, it is a generic version for organisations who need to know about PDPA. More importantly, HR practitioners need to know exactly when to collect, use and disclosure of NRIC as the PDPA makes it illegal with effect from 1 September 2019 unless under the permitted situation.
Are you, as an HR practitioner, ready to implement this new statutory law in your area of work? Can you use or disclose an employee’s personal data without the employee’s consent? What is deemed as ‘consent’? Can you simply grant access to an employee’s personal data as and when a request for it is made? What should you do with the existing personal data collected before 2 July 2014? Come and find out the exact answers to these questions, non-exhaustive, at this workshop. Can you collect NRIC number from job applicants and employees? What happens if the job applicant’s CV or education certificates come with NRIC?
The HR Department is, without a doubt, one of the biggest ‘collectors’ of personal data in any organisation. A mass of personal data may be received by the HR Department each day, and these data not only relate to employees but also outsourced employees like cleaners and security personnel, members of the public such as job applicants etc. The onus is also on the HR Department to ensure that adequate and sound personal data protection is offered by its appointed 3rd party vendors for its outsourced functions such as payroll, flexible benefits etc., and also government agencies such as the CPF Board etc.
Employees and job applicants alike would expect the HR Department to manage their personal data in compliance to the new Act, right from the Employment Application Form to resumes, Performance Evaluation Form, investigation statements from complainants and defendants, Updating of Personal Particulars Form, Leave Application Form etc. This expectation would also include how personal data of employees are forwarded to 3rd party vendors such as insurers, corporate travel agents, subsidiary companies in Singapore as well as overseas, etc. Even more critical is the sharing of employee personal data internally, with other internal parties such as the Department Heads, Section Heads and the immediate supervisors.
With this new Act, a new policy and procedure on personal data protection would need to be incorporated in the existing HR Policies, and Procedures and this workshop aim to enhance knowledge and so assist HR practitioners to formulate it.
At this workshop, only HR-related personal data protection case studies and scenarios relevant to HR practitioners will be shared by the trainer. Due to the uniqueness of its contents, HR practitioners are highly recommended to attend this workshop.
At the end of this workshop, participants will be able to:
- Background of PD Protection in the workplace.
- The objective of the
- Functions of the PDPC.
- Enforcement of the PD Protection.
- Data Protection Framework.
- Who must comply with PDPA?
- The obligation of the PDPA.
- Understand how to operationalise the obligations, in particular to NRIC which came into effect 1 Sept 2019
- How PD should be used, collected and disposed of for job applicants, employees at service, and ex-employees.
- The liability for breaching the PDPA and the financial penalties.
A competent HR practitioner must have the skills and knowledge in the following:
1. Introduction to Personal Data Protection Act (PDPA)
- Objectives of the Data Protection Regime.
- Key Terms Personal Data, Business Contact Information (BCI), Individual & Organisations, Data Intermediary and Other Key Terms.
2. Data Protection Provisions
- PDPA 9 Key Obligations/ Consent Obligation/ Purpose Limitation Obligation.
- Notification Obligation/ Access & Correction Obligation/ Accuracy Obligation.
- Protection Obligation/ Retention Limitation Obligation.
- Transfer Limitation Obligation/ Openness Obligation.
- Existing Data and Other Existing Laws.
3. Collection of personal data by HR practitioners:
- What constitutes to be consent given by job applicants.
- What constitutes to be deemed consent by job applicants.
4. Under what circumstances where HR practitioners need not seek consent from job applicants:
- Personal data publicly available by HR practitioners.
- Investigation or proceedings conducted by HR practitioners and their bearing on employees.
- Usage of personal data by HR practitioner for evaluative purposes.
- Document produced in the course of employment.
- Need by HR practitioners for managing and terminating employment.
- Business asset transaction as required in due diligence context by HR practitioners.
- Circumstance whereby HR practitioners need to release personal data to the proper authority:
- Withdrawal of consent by employees.
- Access to personal data by HR practitioners.
- Use of personal data by HR practitioners.
- Under what circumstances must HR practitioners need to the disclosure of personal. data?
- Accuracy of personal data furnished by HR practitioners.
- Protection of personal data as required by HR practitioners.
- Retention of personal data as required by HR practitioners.
- Liability for breach of personal data by HR practitioners and its bearing on office bearers.
5. HR Practitioner and its duties governing PDPA:
- Taking the role of a Data Protection Officer.
- Developing good policies for handling personal data in electronic and manual form, that suit your organisation’s needs and comply with the PDPA.
- Communicating the internal personal data protection policies and processes to customers, members and employees.
- Handling queries or complaints about personal data from customers, members and employees.
- Alerting your organisation to any risks that might arise with personal data; and
- Liaising with the PDPC, if necessary.
- Liaising with data intermediaries such as payroll vendor.
6. HR Practitioners as custodian and managing personal data.
- Set out how the personal data in custody may be well-protected.
- Classify the personal data to manage it accordingly.
- Set clear timelines for the retention of the various personal data and cease to retain documents containing personal data that is no longer required for business or legal purposes.
- The transfer of personal data overseas, including the use of contractual agreements with the organisations involved in the transfer to provide a comparable standard of protection abroad.
7. The rules governing collection, use and disclosure of NRIC which came into effect 1 September 2019.
- Collection of NRIC by organisations.
- The alternatives to NRIC numbers.
- Operational perspective on place job advertisements involving NRIC.
- The collection, use and disclosure of NRIC on job applicants, existing employees, and ex-employees.
8. Applicability of the PDPA to different situations
- Employment, Receptionist, Security department.
- Photography, recordings and CCTV of job applicants, employees, and ex-employees.
- Personal identification documentation such as NRIC, Passport, Foreign Identification.
- Alternatives to NRIC.
- The permitted situations to collect NRIC.
9. Roles of Data Protection Officer (DPO)
- Appointment of DPO/ Possible Roles of a DPO/ Governance Structures.
- Assessment: Develop a Governance Structure for Your Organisation.
- Who can be DPO?
- What are the responsibilities of DPO?
Lecture and case study.
Who Should Attend
Human Resource practitioners
Please visit this page to register.