Active Enforcement Framework
The PDPC’s Active Enforcement Framework builds upon the principles of accountability in promoting positive behaviours by organisations when handling personal data and related incidents. In certain circumstances, the PDPC may apply enforcement options that take into consideration the accountable conduct of the organisation. Under the Active Enforcement Framework, in the event of a data incident, organisations with accountable practices may consider the option of (a) an undertaking and/or (b) expedited enforcement decision, instead of a full investigation, under certain circumstances specified by the PDPC.
An organisation that has detected a data incident early and demonstrated that it has established processes to respond to it quickly and effectively may submit to the PDPC an undertaking to voluntarily commit to implement its remediation plan and resolve the breach. This is applicable to organisations that have good accountability practices (e.g. the organisation has attained certification under the Data Protection Trustmark).
An expedited enforcement decision may be given by the PDPC if an organisation makes an upfront admission of liability for breaching relevant obligation(s) under the PDPA. The voluntary admission of the organisation’s role in the breach will be taken as a strong mitigating factor where financial penalties are involved. The option provides accountable organisations an opportunity to conduct themselves in a dignified manner.
Find out more here.