Course Objectives
Upon completion of this program, participants will be able to:
- Understand the implications of the 7 Data Protection principles
- Understand the latest PDPA Regulations
- Review the essential provisions under the Personal Data Protection Act
- Gain insights into PDPA Enforcement, Penalties and Offences
- Consider the new proposed PDPA Amendments
Target Audience
General Managers, Human Resource Managers, Compliance Officers, Marketing & Sales Managers
Methodology
- Lectures
- PowerPoint Presentations
- Active Group Discussions
- Question and Answer session
Course Modules
MODULE 1 – INTRODUCTION TO THE MALAYSIAN PERSONAL DATA PROTECTION ACT (PDPA)
- Overview of the PDPA
- Understanding the Key Provisions in the Act
- Dealing with the various parties
- Data User
- Data Processor
- Data Subject
- How to deal with Sensitive Personal Data
MODULE 2 – PDPA COMPLIANCE
- Who does the PDPA apply to?
- Processing of Personal Data in a Commercial Transaction
- What is Personal Data?
- Definition of a Commercial Transaction
- Obtaining Consent from the Data Subject
- Privacy Notification prior to Data Processing
- Data Subject Request
- Implementation of Data Security Mechanisms for Companies
- Dealing with Data Transfer outside Malaysia
MODULE 3 – DEALING WITH THE 7 DATA PRINCIPLES
- General Principle
- Consent from the data subject must be obtained before processing personal data.
- Notice & Choice Principle
- The privacy notice must be served on the data subject.
- Disclosure Principle
- No personal data that is being processed or stored shall be disclosed save with the consent of the data subject.
- Security Principle
- Practical steps must be taken to protect personal data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction.
- Retention Principle
- The personal data processed for any particular purpose shall be kept only for the duration of its intended purpose.
- Data Integrity Principle
- A data user shall take reasonable steps to ensure that the personal data is accurate, complete, not misleading and kept current by having regard to the purpose,
- Access Principle
- A data subject shall be given access to correct his personal data where it is inaccurate, incomplete, misleading or not up-to-date.
- Step by Step Review of the actual wording of the 7 Data Principles
- The requirements on the 7 Data Principles
- The Implementation Mechanisms
- The Exceptions
- The Exemptions
MODULE 4 – DATA PROTECTION – WHAT NEEDS TO BE IMPLEMENTED
- The PDPA Impact Assessment Analysis
- The PDPA Report
- Setting up a Privacy Compliance Team
- Role of the Privacy Officer
- PDPA Compliance Exercise
MODULE 5 – ENSURING SUCCESSFUL COMPLIANCE WITH THE PDPA
- Guidelines and Practical steps for a smooth transition
- Modification of existing business processes
- Identifying and overcoming obstacles pertaining to achieving compliance with the PDPA
- PDPA Compliance mandates and exemptions
- Examples and analysis of case studies based on the PDPA principles
MODULE 6 – PDPA REGISTRATION OF CLASS OF DATA USERS
- Registration Requirements with the Commissioner
- The Classes of Data Users
- Registration Exercise
- Non-Compliance
- Who is liable & Penalty
MODULE 7 – PDPA ENFORCEMENT
- PDPA Commissioner
- PDPA Advisory Committee
- Appeal Tribunal