Personal Data Protection Act (PDPA)


Disclaimer: This PowerPoint presentation is purely a training tool for the internal agency training programmes of Great Eastern Life Assurance (Malaysia) Berhad. All or any part of the contents of this presentation shall not be used directly or indirectly for soliciting insurance business, policyholder services and/or facilitating any other form of communications with any external party whatsoever. This information is correct as at 04032013

Snap Shot on Personal Data Protection Act
The Personal Data Protection Act 2010 ("PDPA") is an overarching legislation to regulate the processing of personal data in commercial transactions. The PDPA was gazetted on 10 June 2010, and it has been enforced on 1 January 2013. The Personal Data Protection Department has been established under the Ministry of Information, Culture and Communications, which will oversee compliance with the PDPA.

Personal Data Protection Act
May be in any form, so long as it can identify a data subject:
1. Name
2. Passport/NRIC No.
3. Email
4. Phone Number
5. Photograph
6. Finger Print
7. DNA
Personal Data means any information in respect of commercial transactions that:
- relates directly or indirectly to a data subject who is identified or identifiable from that information or from that and other information in the possession of a data user
including any sensitive personal data and expression of opinion about the data subject

Areas to be Aware
The PDPA will affect how the Company uses agents' personal data e.g. for the publication of personal production and photographs. In order for the Company to continue to publish agents' personal data, the following steps have been or will be taken:
a) For existing field force:
- A circular has been issued and posted in epartner on 1 November 2012 to inform of how the Company will use agents' personal data

Areas to be Aware
The Company has incorporated a similar Data Protection Notice into its forms, to inform agents/customers of how their personal data will be processed. The relevant forms include:
Agency Admin:
- Data Protection Notice has been incorporated into e-appointment screen upon agent appointment.
New Business:
- NB Proposal Form has been revised (NBZ-FCPRO-V14-012012)
Customer Service:
1. CS Form such as PSF 01 (Request for Alteration)
2. Vesting Age Letter

Personal Data Protection Act: Areas to be Aware
Excerpt from Data Protection Notice
The Company will be processing your personal information provided in this form and/or further information and data that may be required by the Company either from you or from any third parties. Your personal information may be used, recorded, stored, disclosed or otherwise processed by or on behalf of the Company (and its successors in title) for the following purposes:
- to carry on insurance business any insurance or financial related product or service or any alterations, variations, cancellation or renewal of such product or service;
- research purposes including historical and statistical purposes;
- any claim or investigation or analysis of such claim;
- to ascertain your claims history in order to improve claims processing and prevent fraudulent claims;
- exercising any right of subrogation; and
- matching any data held by the Company relating to you from time to time.

Areas to be Aware
Customers' Data
The forms also include a revised marketing consent clause:
"I would like to receive updates and information about the products, services, promotions, charitable causes or other marketing information from:
( ) the Company and its agents
( ) the related companies of the Company and relevant third parties"
In relation to this, Marketing & Customer Management have been conducting a marketing drive to obtain customers' consent to receive marketing materials.
Note: The Company and its agents would only be allowed to send marketing materials if the customer has consented to receiving such materials.

- Always ensure that the customer's consent has been obtained prior to any collection of Personal Data, for the purpose of managing and servicing the customer's proposal / policy
- Ensure that the customer understands the purpose(s) of the collection of his Personal Data

- Do not use the customer's Personal Data other than for the purpose of managing and servicing his policy
- Be particularly careful in processing the customer's sensitive Personal Data (i.e. political opinion, religious belief, physical or mental health and criminal offences)

- Respect confidentiality of the customer's Personal Data i.e. do not view and process Personal Data that is sealed and addressed to the Company (e.g. the customer's Medical Report)
- Always keep proper records of all Personal Data collected

- Remember that the PDPA applies to any Personal Data stated on paper, held electronically or recorded via videos, photographs and audiotapes
- Ensure that all Personal Data collected is accurate and up-to-date, and only kept for as long as it is necessary for the purpose it was first collected

- If the customer updates his Personal Data to you directly, promptly inform the Company of such updates
- If the customer wishes to access, update or amend his Personal Data, direct the Customer to the existing channels available, such as the econnect Portal

- Direct any official requests to obtain the customer's Personal Data to the Company
- Always ensure that all physical files/documents stating the customer's Personal Data are securely locked up and not exposed

- Improve the security levels in devices that are used for the processing of the customer's Personal Data
- Use only software and hardware supported and/or suggested by the Company

- Encrypt the customer's Personal Data that is electronically backed-up or transferred
- Avoid using public sites and networks, such as public Wi-Fi services, to process, get access to and store the customer's Personal Data

- Avoid using email to transmit the customer's sensitive Personal Data
- Always use sealed and marked "Private & Confidential" envelopes for transmission of physical documents containing the customer's Personal Data

- Other than for the purpose of managing and servicing the customer's proposal / policy, disclose Personal Data only when the customer's explicit consent has been obtained.
  Note: Consent can be obtained in oral as well as in written form. Best practice is to always obtain consent in written form
- Avoid sharing the customer's Personal Data within or amongst the Company's employees / other Members of the Field Force unless it is necessary for the purposes of providing insurance services to the said customer, and on a need-to-know and need-to-use basis

- Other than in relation to the processes of death claims, refuse requests from any third parties (including but not limited to the customer's family members) to obtain the customer's Personal Data, unless prior written consent has been obtained from the customer
- Retain the customer's Personal Data only for as long as it is required to facilitate the servicing of customer's policies

- If you are no longer the servicing agent of a particular customer and/or are no longer an agent of the Company, you must destroy such customer's Personal Data
- Ensure that, when the customer's Personal Data is required to be disposed of / destroyed, this is performed accordingly (e.g. shredding of physical documents)
  Note: All Personal Data kept in personal devices is included (e.g. laptops / mobile phones)

Any usage of Personal Data for purposes other than in relation to the insurance services may amount to:
- a breach of confidentiality obligations imposed under the LIAM's Code of Ethics & Conduct, Agency Agreement, Agency Rules & Regulations and/or other Company's circulars / directives and may lead to disciplinary action being taken against you
- an offence under the PDPA for unlawful collecting and/or processing of Personal Data
Always seek advice from the Company if you have any doubt in processing the customer's Personal Data

All rights reserved. No part of this publication may be produced, translated, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying and recording without the prior written permission of the copyright the developer and owner.