The purpose of the Personal Data Protection Act 2010 (PDPA 2010) workshop/training is to create awareness of PDPA 2010 requirements among individuals who deal with customers’ personal data. This workshop covers the rules and regulations, together with the do’s and don’ts of handling customers’ personal data, in order to avoid or minimize the risk of that data being unlawfully used or disseminated.
This workshop/training will also provide insight into how personal data can be better protected from a Risk Management perspective (i.e. offences) by formulating prevention methodologies and risk mitigation plans.
After completing the training, you should be able to:
DAY 1
09:00 AM – 10:30 AM
> The underlying reason for the enactment of the Personal Data Protection Act 2010
• Increasing number of the following cases: Identity Theft, Data Loss, Unauthorized dissemination of data, Fraudulent Activities
> Overview of Personal Data Protection Act 2010
• Regulates processing of personal data
• Only commercial transactions
• Not data processed outside Malaysia
• 7 Principles
• Criminal offences
• No civil remedies
• Other supporting Regulations under PDPA 2010
10:30 AM – 10:45 AM Morning Tea Break
10:45 AM – 01:00 PM
> Data User
• Definition
• Categories
> Data Subject
• Definition
• Categories
> Personal data
• What is Personal Data and its express and implied definition
• Forms of Personal Data: As long as it identifies a data subject.
• Email – Whether it can be classified as personal data depends on the circumstances of the case.
• IP address – Whether it can be classified as personal data depends on the manner in which it is disclosed.
• Employer and Employee relationship. Data collated as pre-employment checks; Data volunteered just prior to employment; Data obtained during the course of employment.
> Commercial Transaction
• Any transaction of a commercial nature, whether contractual or not.
• What are the areas of commercial activity that fall under the purview of Commercial Transaction?
• Contracts
> Sensitive personal data
• Definition and categories
• Circumstances and conditions under which it can be processed or disseminated within the ambits of Personal Data Protection Act 2010
> Processing – What constitutes Processing
• Collecting
• Recording
• Holding
• Storing
• Organizing
• Publishing on the Internet
• Making available
01:00 PM – 02:00 PM Lunch
02:00 PM – 03:30 PM
> Classroom Activity & Mind Mapping
– Participant’s perspective and view
> Principles of Data Protection
For data to be processed lawfully in Malaysia, a data user shall comply with the following principles, namely
• General Principle
• Notice and Choice Principle
• Disclosure Principle
• Security Principle
• Retention Principle
• Data Integrity Principle
• Access Principle
03:30 PM – 03:45 PM Afternoon Tea Break
03:45 PM – 05:00 PM
A detailed explanation coupled with examples and case studies of each principle will be shared with participants. The exception to the General Principle will also be discussed.
> In instances of crime prevention, the following principles must be upheld (at least):
• General principle
• Notice & choice principle
• Disclosure principle
• Access principle.
DAY 2
09:00 AM – 10:30 AM
> Mind Mapping and Recap of Day 1 Session
> Personal Data Protection Commissioner
• Appointment under the PDPA 2010
• Complaint Channel
• The rights to conduct investigations and audits
• Whether a decision of the Commissioner is appealable
> Registration of Data User
• Registration process
• Approval
• Renewability of registration
10:30 AM – 10:45 AM Morning Tea Break
10:45 AM – 01:00 PM
> Transfer of Data Overseas
• Who can authorize transfer
• Circumstances under which Data User can effect transfer within the ambits of PDPA 2010
01:00 PM – 02:00 PM Lunch
02:00 PM – 03:30 PM
> Video Presentation on Personal Data Protection.
> Rights of data subject
• Right to access personal data
• Right to correct personal data
• Right to withdraw consent
• Right to prevent processing likely to cause damage or distress
• Right to prevent processing for purpose of direct marketing
> What Constitutes an Offence under the Personal Data Protection Act 2010
• Summary of Offences
• Case Study
> Liabilities under the Personal Data Protection Act 2010
• Liabilities within the ambit of the Act and its related impact.
> Enforcement mechanism can consist of one or a combination of the following:
• Data protection commissioner
• Advisory committee
• Appeal tribunal
• Codes of practice
• Enforcement notice
• Prosecution
• Revocation of registration
03:30 PM – 03:45 PM Afternoon Tea Break
03:45 PM – 05:30 PM
> Classroom Activity – Participants are divided into groups to present their proposed plan
E.g.: How can an organization develop its own Data Protection Strategies within the ambits of the Personal Data Protection Act 2010
> Information Security Policies
– Clean Desk Policy, Enforcement, and Execution, Non-Disclosure requirement.
> Risk Management and Assessment Principles
– With measurable KPIs and trigger factors
> Establish SOPs
> Close Loops Contracts
Wrap Up With Mind Mapping Session