1
PERSONAL DATA PROTECTION ACT 2010
POLICIES & PROCEDURES 20 September 2018
2
OVERVIEW
Gazetted in June 2010
Penalty for non-compliance: between RM100k – 500k and/or between 1 – 3 years imprisonment
Came into force on 15 November 2013
Objective: To protect the personal data of individuals with respect to commercial transactions
3
SCOPE – POLICIES & PROCEDURES
Applicable to: All TCB Employees who process personal data on behalf of TCB in all commercial transactions.
4
SCOPE - DEFINITIONS
Personal Data: Any information that relates directly or indirectly to an individual (i.e. name, NRIC number, picture, telephone number, address ( / residential / office), gender, nationality, account number, assessments / appraisals, progress reports, profiling assessments, etc.)
Sensitive Personal Data: Includes religious belief, political opinions, health information and the commission or alleged commission by a Data Subject of any offence.
Data User: TCB
Data Processor: The TCB HR Personnel
Data Subject: An individual / sole proprietor who is the subject of the Personal Data, including TCB’s job applicants, employees, individual customers, hotel guests, individual vendors and consultants
Processing: Includes collecting, recording, holding, editing, transferring, storing and erasing Personal Data.
Commercial Transaction: Any activity that is commercial in nature, whether or not there is a contract between the parties (i.e. the provision of products and services, financing, investments and banking)
5
POLICIES
GENERAL
COLLECTION
DISCLOSURE
SECURITY
RETENTION
DATA INTEGRITY
ACCESS, CORRECTION & UPDATE
6
POLICIES - GENERAL
All TCB employees must adhere to this document in the processing of Personal Data pursuant to a commercial transaction.
7
POLICIES – COLLECTION
Consent of the Data Subject must be obtained, and a notice on processing of the Personal Data must be served on the Data Subject
TCB employees should only collect Personal Data that is relevant for the purpose of collection
Any usage of Personal Data obtained from the public domain shall be treated in the same manner as Personal Data collected from any other sources.
The Personal Data of the Data Subjects should only be processed to the extent as provided in the Personal Data Protection Notice and as consented by the Data Subjects
8
POLICIES – DISCLOSURE
Unless consent of the Data Subject has been given, Personal Data shall not be disclosed, amongst others:
Other than the purpose for which was disclosed at the time of collection
Any disclosures made by TCB should be recorded and maintained.
9
POLICIES - SECURITY
Duty of confidentiality in processing Personal Data
Processing of and access to Personal Data must be restricted on a “need to use” and “need to know” basis
Precautions must be taken against loss, misuse, unauthorised access or modification, or damage to Personal Data
All TCB employees are responsible for ensuring that Personal Data is kept securely and not disclosed, either orally or in writing, intentionally or otherwise, to any unauthorised third party
10
POLICIES - RETENTION
TCB practices a policy of deletion and destruction of Personal Data, whether in soft or hard copies, as required by the PDPA, once the purpose for which the Personal Data was disclosed to TCB has ceased to exist.
11
POLICIES – DATA INTEGRITY
Should be accurate, complete, not misleading and kept up-to-date, having regard to the purpose for which the Personal Data was collected and further processed
TCB employees are responsible for ensuring that their Personal Data is correct and up-to-date at all times, and for notifying the Human Resource Department immediately of any changes or inaccuracies in their Personal Data
12
POLICIES – ACCESS, CORRECTION & UPDATE
A Data Subject, or a person acting on behalf of a Data Subject, may request to access or correct the Data Subject’s Personal Data. This is known as a data access request (“DAR”) or DCR.
DAR : Data Access Request
DCR : Data Correction Request
13
THE END THANK YOU