Singapore’s Personal Data Protection Commission (PDPC) issued a statement on March 1 announcing its plan to introduce mandatory breach notifications as part of a set of proposed amendments to the country’s Personal Data Protection Act (PDPA). The proposed amendments come in response to the PDPC’s recent review of the PDPA in order “to ensure that it keeps pace with the evolving needs of businesses and individuals, and balances safeguarding individuals’ interests and enables the legitimate use of personal data by organisations.” The details of the mandatory breach notification have not yet been made public, but the amendment will likely require organizations to notify the PDPC and affected data subjects when a certain level of breach has occurred.
In preparation for the General Data Protection Regulation (GDPR), set to take effect in the EU on May 25, 2018, we have hosted a series of webinars to help attendees navigate the changing data protection landscape. The GDPR is the EU’s most important change in data privacy regulation in 20 years, replacing the 1995 Data Protection Directive, and will affect any company that processes data pertaining to individuals in the EU. Please find more information on the presentations below:
- Overview of Preparing for the General Data Protection Regulation (GDPR): A high-level plan for preparing for GDPR implementation.
- Conducting a Data Inventory and Mapping: The process of conducting a data inventory and mapping.
- Establishing a Data Protection Officer: The requirements and considerations concerning the appointment of a Data Protection Officer.
- Conducting Data Protection Impact Assessments: The requirements and considerations for conducting a data protection impact assessment.
- Determining Your Lead Data Protection Authority: Determining a lead data protection authority and options for companies whose existing structures do not allow them to take advantage of this mechanism.
- Right to Data Portability: Determining the scope of the new data subject right to data portability, when it applies and what it means in practice.
- Legal Bases for Processing: The provisions of legal bases for the processing of personal data.
- Transparency: The provisions of the GDPR transparency requirement and its effects on data subject rights.
- Automated Processing and Profiling: Understanding the automated processing and profiling rights of data subjects under the new GDPR.
- Data Breach Notification: Circumstances in which notification is required and how to implement effective incident response plans.
- International Data Transfers: The key requirements for international data transfers, including actual and potential changes to existing transfer mechanisms.