Passed in 2010, the Personal Data Protection Act 2010 (“PDPA”) regulates the “processing” of personal data of individuals in respect of commercial transactions, “processing” being defined to include the collection, storage and disclosure of personal data. Although the much publicized substantial aim was to ensure that the personal information of the man on the street is not peddled for the purpose of direct marketing, the Act has far-reaching implications for most businesses and organizations.
Since year 2010, we have assisted and continue to assist clients from a wide range of industries, first by conducting awareness conferences and subsequently by reviewing and revising clients’ internal policies, operations and procedures, as well as the preparation of PDPA notices so that they may comply with the PDPA. Such compliance programmes are conducted on an intensive basis, involving face-to-face interviews and discussions with representatives from various levels of the clients’ organizations.
We have also been consulted to review the PDPA policies of clients in light of the implementation of the Personal Data Protection Standard 2015 and the issuance of codes of practices for various industries.
Clients include multinationals, public listed and non-listed companies engaged in property development, technology, manufacturing, education, healthcare and direct marketing.