How to keep your business safe under the Personal Data Protection

advertisement
How to keep your business safe under the Personal Data Protection Act
Reaching out to a business’ customers isn’t just a question of marketing savvy and clever ad
copy – it’s also a legal issue.
Singapore’s new Personal Data Protection Act (PDPA) requires business needs to check for
compliance when collecting, using or disclosing the personal data of customers. The risks of
non-compliance are stark - ranging from customer complaints and civil liability to fines of up
to S$1 million.
On May 3, the Internet Society (ISOC) Singapore Chapter organized a workshop on the
Personal Data Protection Act, and how businesses could stay safe.
Mr David Alfred, the chief counsel of the newly instituted Personal Data Protection
Commission (PDPC), delivered a keynote address outlining the history, scope and reach of
the act. He disaggregated the definition of terms like ‘personal data’ (which, for instance,
includes your handphone number but not your business’ address) and delineated the scope
of upcoming schemes such as the ‘Do Not Call’ regime (marketing campaigns and ads are
covered, but not market research or surveys). The PDPA, he said, would enhance
Singapore’s reputation as a data processing hub, and bring it on par with international
standards.
Benjamin Ang, a lecturer on Intellectual Property Law with Temasek Polytechnic, outlined a
set of recommendations for businesses and individuals to transition towards compliance
with the new act. Businesses must be transparent with their handling of data, he urged, and
set up a complaints response process.
By the end of the workshop, the myriad legal issues lurking behind the constant barrage of
sales promotions, loyalty cards and tele-marketing calls were clearer. More than 50
participants, from entrepreneurs and university students to professionals from various
industries and backgrounds, asked pointed questions and discussed legal concepts and realworld applications.
Download