This guide is for persons who are responsible for data protection within an organisation and also persons who supervise or work with infocommunication technology (“ICT”) systems and processes. Some ICT knowledge will be required to understand the terminology and concepts used. This guide seeks to provide information on common topics related to security and protection of personal data stored in electronic medium (or ”electronic personal data”); good practices that organisations should undertake to protect electronic personal data; and enhanced practices that organisations may consider adopting to further improve protection of electronic personal data.

Click here to find out more.

Revisions to Guide (updated 14 September 2021)

The guide has been replaced with the new Guide to Data Protection Practices for ICT Systems, which provides a compilation of data protection practices from past PDPC advisories and guides, and recommends basic and enhanced practices that organisations can incorporate into their ICT policies, systems and processes. Access the new Guide here.