Personal Data Protection Act

Course Objectives

Upon completion of this program, participants will be able to:

• Understand the implications of the 7 Data Protection principles
• Understand the latest PDPA Regulations
• Review the essential provisions under the Personal Data Protection Act
• Gain insights to PDPA Enforcement, Penalties and Offences
• Consider the new proposed PDPA Amendments

Target Audience

General Managers, Human Resource Managers, Compliance Officers. Marketing & Sales Managers

Methodology

• Lectures
• PowerPoint Presentations
• Active Group Discussions
• Question and Answers session

Course Modules

MODULE 1 – INTRODUCTION TO THE MALAYSIAN PERSONAL DATA PROTECTION ACT (PDPA)

• Overview of the PDPA
• Understanding the Key Provisions in the Act
• Dealing with the various parties
• Data User
• Data Processor
• Data Subject
• How to deal with Sensitive Personal Data 

MODULE 2 – PDPA COMPLIANCE

• Who does the PDPA apply to?
• Processing of Personal Data in a Commercial Transaction
• What is Personal Data?
• Definition of a Commercial Transaction
• Obtaining Consent from the Data Subject
• Privacy Notification prior to Data Processing
• Data Subject Request
• Implementation of Data Security Mechanisms for Companies
• Dealing with Data Transfer outside Malaysia

MODULE 3 – DEALING WITH THE 7 DATA PRINCIPLES

• General Principle
• Consent from the data subject must be obtained before processing personal data.
• Notice & Choice Principle
• The privacy notice must be served on the data subject.
• Disclosure Principle
• No personal data that is being processed or stored shall be disclosed save with the consent of the data subject.
• Security Principle
• Practical steps must be taken to protect personal data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction.
• Retention Principle
• The personal data processed for any particular purpose shall only be kept for the duration of its intended purpose only.
• Data Integrity Principle
• A data user shall take reasonable steps to ensure that the personal data is accurate, complete, not misleading and kept current by having regard to the purpose,
• Access Principle
• A data subject shall be given access to correct his personal data where it is inaccurate, incomplete, misleading or not up-to-date.
• Step by Step Review of the actual wording of the 7 Data Principles
• The requirements on the 7 Data Principles
• The Implementation Mechanisms
• The Exceptions
• The Exemptions

MODULE 4 – DATA PROTECTION – WHAT NEEDS TO BE IMPLEMENTED

• The PDPA Impact Assessment Analysis
• The PDPA Report
• Setting up a Privacy Compliance Team
• Role of the Privacy Officer
• PDPA Compliance Exercise

MODULE 5 – ENSURING SUCCESSFUL COMPLIANCE WITH THE PDPA

• Guidelines and Practical steps for a smooth transition
• Modification of existing business processes
• Identifying and overcoming obstacles pertaining to achieving compliance with the PDPA
• PDPA Compliance mandates and exemptions
• Examples and analyzing case studies based on the PDPA principles

MODULE 6 – PDPA REGISTRATION OF CLASS OF DATA USERS

• Registration Requirements with the Commissioner
• The Classes of Data Users
• Registration Exercise
• Non-Compliance
• Who is liable & Penalty

MODULE 7 – PDPA ENFORCEMENT

• • PDPA Commissioner
  • PDPA Advisory Committee
  • Appeal Tribunal