The Personal Data Protection Act (PDPA) will come into force on 1 June 2022. With the introduction of the Act so close, your organisation should be preparing for its requirements. If your company hasn’t yet started preparing, we suggest four steps below which could jump-start the compliance process. Let’s get started!
First, a Privacy Notice / Policy for your website: This step is quite easy to implement. You can download the Privacy Notice template and add the hyperlink on the landing page.
Third, prepare the consent form: Your organisation might think it doesn’t require a consent form. However, the top five activities that “require” a consent form are as follows:
- Employee Policy
- CCTV Policy
- Marketing Policy
- Sales Policy
- Transfer to Third Party
At the very least, you must send a consent form to each of your employees for the HR process. If you don’t have a consent form, we can provide a sample for you.
Fourth, assign a Data Protection Officer: Organisations are required to designate at least one individual to be the Data Protection Officer (DPO). The DPO will oversee the data protection responsibilities and obligations of the organisation, ensure compliance with the PDPA, and issue announcements and notices to the organisation.
Your company should look at its own circumstances to determine if it meets all the requirements and obligations under the Personal Data Protection Act, in addition to the above four suggested steps. PKF provides a PDPA compliance review service to companies and we would be happy to discuss this with you – if interested, please get in touch.