Data Protection: It s getting personal

Similar documents
Data Protection Policy

RAW MARKETING DATA PROTECTION POLICY

Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018

Getting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations

WORLEYPARSONS RECRUITMENT PRIVACY NOTICE

General Optical Council. Data Protection Policy

VMS Software Ltd- Data Protection Privacy Policy

GUIDANCE NOTES DATA PRIVACY IMPACT ASSESSMENT

REDDISH VALE HIGH SCHOOL PRIMARY PRIVACY NOTICE

THE COMPETITION AND CONSUMER PROTECTION COMMISSION JOB APPLICANT PRIVACY NOTICE 1. INTRODUCTION... 2

A PRACTICAL GUIDE FOR HOW AN ADVERTISER CAN PREPARE FOR GDPR JANUARY 2018

The Diocese of Galloway - Privacy notice

We reserve the right to update this privacy notice at any time. Please check our website from time to time for any changes we may make.

UK Research and Innovation (UKRI) Data Protection Policy

General Personal Data Protection Policy

The SENAD Group. Section 5 Data Protection Protocol

Tourettes Action Data Protection Policy

WEWORK PRIVACY POLICY FOR PEOPLE DATA

GROUP DATA PROTECTION POLICY

GDPR P4 Privacy Policy Statement & Guidance for Employees and External Providers

Policy Name: McKesson s Imaging and Workflow Solutions and Enterprise Information Solutions U.S. - EU Safe Harbor Privacy Policy ( Policy )

Data Protection Policy

IQ Data Protection Policy

DATA PROTECTION POLICY 2016

Privacy Impact Assessment: Standard Operating Procedure

Privacy and Data Protection Policy

Applicant Privacy Notice Date: June 1, 2018

LAST UPDATED June 11, 2018 DATA PROTECTION POLICY. International Foundation for Electoral Systems

Mobile Connect Privacy Principles

European Union General Data Protection Regulation 25 th May 2018

GDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS

Data Privacy Policy for Employees and Employee Candidates in the European Union

Recruitment Privacy Notice Italy

DATA PROTECTION POLICY 2018

Data protection (GDPR) policy

Responsible Business Alliance. Data Privacy and GDPR Compliance Policy

Data Protection Policy

Privacy Notice. The Kind of Information We Hold About You

Human Resources. Data Protection Policy IMS HRD 012. Version: 1.00

Depending on the circumstances, we may collect, store, and use the following categories of personal information about you:

PRIVACY NOTICE for Welsh St Donat s Community Council, May 2018

APPLICATION FORM Shakespeare Way, Whitchurch Business Park, Whitchurch, Shropshire SY13 1LJ Tel No

SCHOOLS DATA PROTECTION POLICY. Guidance Notes for Schools

Privacy Strategy, Principles & Policy - Version 1.0 Official Publish Date: 23rd May 2018

Syntel Human Resources Privacy Statement

Data Protection Policy

SHENLEY BROOK END SCHOOL

KRONOS WORLDWIDE, INC. SAFE HARBOR PRIVACY POLICY Effective December 1, 2009 Amended and Restated as of July 20, 2012

GDPR Annotated Privacy Statement

Privacy Notice for Clients of RISDON HOSEGOOD Solicitors

Elections Ontario Privacy Policy

Information Sharing Policy

RBA Online Privacy Notice for

PERSONAL DATA PROTECTION ACT (PDPA)

Gearing up for GDPR Compliance - Practical steps to ensure compliance with the revised data protection regulation. Chris Bernau.

Data Protection and Privacy Statement

Parent / Carer Privacy Notice

PRIVACY NOTICE Tendering Contractor / Contractor Staff May 2018

SAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY. Adopted: [ ]

LIFE STYLE CARE PLC. Privacy Statement for Employees. August 2018

Employee Privacy Statement

PRIVACY POLICY CARTERS PROFESSIONAL CORPORATION

Data Protection Policy Approved by: COG Approved: 9 August 2017 Review date: August 2019 Version: Statement of Intent

GDPR: What Every MSP Needs to Know

Hendre Infants School DATA PROTECTION POLICY. Nurture, Believe, Achieve Headteacher: A. J. Brett-Harris

Data Management and Protection Policy

DATA PROTECTION POLICY VERSION 1.0

Data Protection Policy

Data Protection Policy

Data Protection Policy

Baptist Union of Scotland DATA PROTECTION POLICY

Subway Group. Prospective Employees Privacy Notice

Recruitment Privacy Notice London

EU General Data Protection Regulation in the digital age: Are you ready?

CANDIDATE DATA PROTECTION STANDARDS

THE GENERAL DATA PROTECTION REGULATION (GDPR) A GUIDE FOR CONGREGATIONS

Data Protection. Policy

Data Protection Policy

Recruitment Privacy Notice France

2.1.2 Gender, age, date of birth, marital status and nationality;

MODA HEALTH CODE OF CONDUCT

Data Protection Employee Privacy Notice

PRIVACY NOTICE Potential Staff / Graduate Recruitment May 2018

DELL BANK INTERNATIONAL D.A.C DATA PROTECTION STATEMENT - USE OF PERSONAL DATA 1

St John's Primary School and Nursery. Privacy Notice for Governors How we use your information 2018/19

Personal Data Protection Act (PDPA)

PRIVACY NOTICE FOR JOB APPLICANTS

This privacy notice applies to attendees, organisers and others involved in Merton College s conferences and events

THE NATIONAL GALLERY ANTI FRAUD, BRIBERY AND CORRUPTION RISK MANAGEMENT STATEMENT.

The current version (July 2018) is derived from, and supersedes, the version published in February 2017 and earlier versions.

PREPARING FOR THE GENERAL DATA PROTECTION REGULATION. SELF-ASSESSMENT QUESTIONNAIRE Data Controllers

DATA PROTECTION POLICY

Data Protection. Document Detail Type of Document (Stat Policy/Policy/Procedure) Category of Document (Trust HR-Fin-FM-Gen/Academy) General

Compliance with South African POPI Acts

General Data Protection Regulation Philippe Roggeband. Business Development, Manager, GSSO EMEAR

DATA PROTECTION POLICY

Brasenose College Data Protection Policy Statement v1.2

General Data Privacy Regulation: It s Coming Are You Ready?

Scottish Charity Number SC Dingwall Baptist Church DATA PROTECTION POLICY

LSEG Recruitment Privacy Notice

Transcription:

www.pwc.com/my Data Protection: It s getting personal Malaysia: Personal Data Protection Act (PDPA) 2010

In the news Read about these? Octopus sold customer personal data to business partners for direct marketing. The Chief Executive resigned amid intense criticisms - The Standard, 2010 - Personal Data for Sale - The Malay Mail, 2010 - Barclays bank employee fined 2,000 after she unlawfully accessed customer accounts for personal purposes - Barclay Simpson, 2012-2

Are you ready? Personal Data Protection Act 2010 is applicable to all businesses in the private sector that processes personal data in respect of commercial transactions Many countries have adopted or are in the process of promulgating privacy laws aimed at protecting their citizens from abuses of their personal information. On 15 November 2013, the Personal Data Protection Act 2010 ( PDPA ) has finally come into force with the objective to protect the personal data of individuals with respect to commercial transactions. You have 3 months to register your organization and to comply with the Act. The penalty for non-compliance will be between RM 100k 500k and/or imprisonment of between 1 3 years. 3

How personal is personal? Your customer and employee data? Here, there, and everywhere Loss of personal data leaves customers and employees at risk of fraud and personal identity theft Personal Data means any information in respect of commercial transactions that relates directly or indirectly to an individual, who is identified or identifiable from that information alone or with other information including any sensitive personal data and expression of opinion about the individual. Example of personal data are (but not limited to): Name Address Gender Date of Birth Telephone Number Photographs Videos Sensitive Personal Data refer to any personal data that contains any of the following attributes: Physical or Mental Health Political Opinions Religious Beliefs Commission or alleged commission of any offence or any other personal data as determined by the minister For sensitive personal data, explicit consent has to be obtained from the individual for processing of the personal data. 4

What does this mean for your business? The Value of Personal Data Protection Personal data is not just customer personal data, it includes employee and vendor personal data From an organisational perspective, the Act has far reaching effects and affects the manner in which organisations interact with their employees, customers and third party service providers as well as how they store, handle and process personal data. More than just another compliance initiative, the impact from the Act will be felt throughout an organisation from its business process layers right down to the supporting functions, infrastructure and facilities. The Act also covers personal data that has been outsourced to a third party service provider for processing. Special attention is also required for cross border transfer of personal data. An effective personal data protection and compliance framework will provide value in the following areas: Robust corporate responsibility Engaging customer relationship management Increased consumer confidence Strengthened corporate reputation and brand image 5

What is covered under the Act? Principles of Personal Data Protection Act General Principle Sets out the rights and obligations of the data user when processing personal data. Notice and Choice Principle A data user shall inform an individual by written notice that his personal data is being processed by or on behalf of the data user, the purposes for which the personal data is to be collected and further processed, the individual s right to request access or correction of the personal data and how to contact the data user with any inquiries or complaints regarding the personal data, class of third parties to whom personal data will be disclosed to, the choice to limit the processing, whether it is obligatory or voluntary for the individual to supply the personal data and the consequences if he fails to supply. Disclosure Principle The data user shall not disclosure a data subject s personal data, without the consent of the data subject, unless it is for the purpose for which it was originally collected. Security Principle The data user shall take practical steps to safeguard the personal data from any loss, misuse, modification, unauthorized or accidental disclosure, alteration or destruction. Data Integrity Principle A data user shall take responsible steps to ensure that the personal data is accurate, complete, not misleading and kept up-to-date. Access Principle An individual shall be given access to his personal data held by a data user and be able to correct it. Retention Principle The personal data processed for any purpose shall not be kept longer than is necessary for the fulfillment of that purpose. 6

Do it the PwC way Why Choose PwC? PwC can assist your organisation to comply with the Act by providing an integrated approach and effective solution to assist you in the task of integrating PDPA Principles across your business PwC is dedicated to delivering effective solutions to your regulatory needs. We have hands-on experience in the implementation of the Malaysian Personal Data Protection Act We have developed a methodology to that will assist in the gap analysis and implementation to comply with the Act, which is cost effective and minimises disruption to your business We are a global leader in the area of personal data protection We are committed to quality 7

How will PwC do it? Our Methodology Governance Data Compliance PDPA Principles Technology Security Programme Management Change Management Process Compliance A holistic, integrated compliance framework and strategy is defined for the organisation. Governance The privacy programme is steered, coordinated and controlled correctly and delivers on expected benefits. Security Compliant security measures are implemented across the organisation and its partners in a consistent and effective manner. Process Affected business processes are changed or adapted to comply while still remaining efficient. Technology Technology is changed or adapted to comply with the proposed legislation. Data The completeness, accuracy and validity of personal information is assured. Programme Management Privacy projects are tracked, managed and efficiently run to minimise costs and maximise efficiency. Change Management The privacy programme is complemented by appropriate interventions to ensure that any changes made stick. 8

How can PwC help? PwC Services The personal data protection services we provide include: Gap Analysis and Development of Implementation Roadmap Identify the gaps to meet the legal requirements and industry standards. Develop a strategic roadmap to address the gaps Framework Development Develop structure, roles and responsibilities, policies and procedures Compliance Audit processes and systems to assess compliance with policies, standards and legal requirements Seminar and Training Design and present training and awareness programmes

Contact Kuala Lumpur PricewaterhouseCoopers Level 10, 1 Sentral Jalan Travers Kuala Lumpur Sentral 50470 Kuala Lumpur Telephone +60(3) 2173 1188 Facsimile +60(3) 2173 1288 pwcmsia.info@my.pwc.com Ong Ai Lin Senior Executive Director Telephone +60 (3) 2173 0472 Facsimile +60 (3) 2173 1288 ai.lin.ong@my.pwc.com Christine Albert Senior Manager Telephone +60(3) 2173 1984 Facsimile +60 (3) 2173 1288 christine.x.albert@my.pwc.com

pwc.com/my 2013 PricewaterhouseCoopers. All rights reserved. "PricewaterhouseCoopers" and/or PwC Personal "PwC" Data refers Protection to the Act individual (PDPA) 2010 members of the PricewaterhouseCoopers organisation in Malaysia, each of which is a separate and independent legal entity.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback