The Personal Data Protection Act 2012 is a data protection law in Singapore. It governs the manner in which organizations collect, use, and disclose personal data of individuals by recognizing the right of individuals to protect their personal data and the need of organizations to process their customer’s data for reasonable and limited business needs. The PDPA is applicable to not just organizations in Singapore, it applies even to organizations that do not have a physical presence in Singapore, as long as these organizations collect, use, or disclose data of individuals within Singapore.
At GRM Technologies, our data privacy and cybersecurity experts are well-positioned to help you set up a privacy framework that conforms to the requirements o the PDPA. We will conduct a detailed gap analysis against every legal requirement to determine your current level of compliance and maturity in implementing data privacy controls. We will then work with you to create data inventories and data flow maps to visualize the data processing activities within the company. It provides an overview of the types of personal information you collect; the purpose for which you use personal information; the retention period of personal information and the devices on which this information is stored; and the parties with whom the information is shared.
Data security is an important part of the PDPA requirements. Organizations are required to put in place appropriate and proportionate technical and organizational controls to implement the data protection principles of the Act. Our team will conduct a risk-based analysis to determine the cybersecurity risks your organization is exposed to and establish the necessary controls to mitigate the risks. Our cybersecurity solutions are in line with industry standard frameworks such as NIST. In addition, we will also provide specific guidance on establishing, implementing, maintaining a privacy information management system (PIMS) based of the ISO/IEC 27701 standard.
Our experts will work in close collaboration with your Data Protection Officer (DPO) to monitor your organization’s PDPA compliance and ensure that the company’s policies and processes are updated with the latest regulatory requirements. We will also conduct regular trainings and awareness programs to sensitize employees on personal data protection policies and drive home a culture where data protection becomes a part of business as usual.
At GRM, we have a global footprint, which allows us to tap into the best practices adhered at our customer sites across the world in order to build a robust data protection and cybersecurity framework for your organization.
Copyright @ 2024 GRM Technologies Pvt. Ltd.. All Rights Reserved.