On 15 July 2019, the Personal Data Protection Commission (“PDPC”) issued its Guide to Accountability (“Guide”), which explains the principle of accountability in the context of personal data protection and how the PDPC has implemented it in Singapore. The Guide also sets out recommendations on how organisations can implement accountability-based measures. The Guide is part of a series of efforts by the PDPC to shift the emphasis in personal data protection from compliance to accountability. Please see our earlier legal update on other initiatives from the PDPC.
Accountability under the Personal Data Protection Act 2012 (“PDPA”) requires organisations to undertake measures to ensure and demonstrate compliance with the PDPA. For instance, the organisation is required to designate a data protection officer, who will be responsible for ensuring the organisation’s compliance with the PDPA. Ideally, the data protection officer should be part of the organisation’s senior management. In addition, the organisation is required to develop and implement internal and external policies for data protection.
Apart from the mandatory accountability requirements under the PDPA, organisations should also consider implementing further accountability measures set out in the Guide. These measures are categorised under Policy, People and Process.
The Guide is available here.
If you have any questions on the above, please contact Heng Jun Meng or the ZICO Insights Law LLC partner you usually deal with.