The Need for Accountability
Every day, vast amounts of data are generated as consumers and businesses go online. Consumers are also increasingly cautious about how organisations use and manage personal data, and place greater value on trust and accountability.
To stay competitive, it is thus important for your organisation to take an accountability-based approach in managing customers' personal data. This will help your organisation strengthen trust with the public, enhance business competitiveness and provide greater assurance to your customers, all of which are necessary factors to thrive in the digital economy.
Accountability is a fundamental principle of the Personal Data Protection Act (PDPA). This means that organisations must take responsibility for the personal data in their possession or under their control. For more information, please refer to Part 3 of the PDPA 2012 on the Singapore Statutes Online website.
To demonstrate your organisation is handling personal data responsibly, you are required to:
(a) develop and implement policies for data protection;
(b) communicate and inform your staff about these policies, and inculcate an organisational culture of responsibility among staff through regular training and awareness programmes;
(c) appoint a Data Protection Officer (DPO) who is tasked with ensuring that your organisation complies with the PDPA. Additionally, make information about your data protection policies and practices available to consumers; and
(d) implement processes and practices that are necessary to meet your obligations under the PDPA. Your organisation should be able to demonstrate that personal data is properly managed and protected. This includes adapting legal requirements into policies and practices, data protection by design, and using monitoring mechanisms and controls to ensure that policies and processes are effectively implemented.
Above all, as an accountable business, your organisation is answerable to regulatory authorities, business partners, and individuals who entrust the organisation with personal data.