The PDPC has published general guides for reference. They are:
- Guide to Notification (published 11 Sep 2014)
Information and examples on good practices which organisations may adopt when notifying individuals about personal data policies and practices.
- Guide to Securing Personal Data in Electronic Medium (updated 20 January 2017)
Information and examples on good practices which organisations may adopt to further secure electronic personal data.
Chapter 17 has been expanded to provide more guidance regarding the use of ready-made software.
- Guide to Managing Data Breaches (published 8 May 2015)
Information which organisations may consider when formulating their framework for managing and minimising data breaches.
- Guide on the Practice of Passing Magnetic Stripes of Payment Cards Through a Reader (published 21 April 2016)
Information which outlines the examples considered to be for the purpose of processing payment, and includes FAQs by the Association of Banks in Singapore on double-swiping.
- Guide to Handling Access Requests (published 9 June 2016)
Information and considerations for organisations in handling requests for access to personal data, including sample access request and acknowledgement forms.
- Guide on Data Protection Clauses for Agreements Relating to the Processing of Personal Data (published 20 July 2016)
Information, considerations and sample clauses for organisations when engaging vendors to provide services relating to the processing of personal data.
- Guide on Building Websites for SMEs (updated 10 July 2018)
Information which SMEs may consider when setting up websites that collect or store personal data and the considerations to be taken when outsourcing such works to IT vendors.
The section on IT Vendor's Responsibilities has been updated to include documentation requirements. Additional tips on passwords have also been added to the Access Control section.
- Guide to Disposal of Personal Data on Physical Medium (updated 20 January 2017)
Information on the disposal of physical medium (largely paper) containing personal data and examples of the different ways of disposal which organisations may consider adopting.
Chapter 9 was updated on disposal chain control, and new examples were added.
- Guide to Preventing Accidental Disclosure When Processing and Sending Personal Data (published 20 January 2017)
Information that highlights good practices for organisations that process and send physical documents or electronic communications containing personal data.
- Guide to Data Sharing (updated 1 February 2018)
Information to help organisations determine whether they may share personal data and how to do so, including a framework for Data Sharing Arrangements (DSAs) to be exempted from certain Data Protection Provisions under the PDPA.
The section on DSAs has been updated in line with the positions taken in PDPC's Response to the Public Consultation on Approaches to Managing Personal Data in the Digital Economy.
- Guide to Developing a Data Protection Management Programme (published 1 November 2017)
Introduces a systematic framework to help organisations establish a robust personal data protection infrastructure.
- Guide to Data Protection Impact Assessments (published 1 November 2017)
Introduces key principles and illustrations for conducting a Data Protection Impact Assessment, which is a process that identifies, assesses and addresses personal data protection risks.
- Guide to Basic Data Anonymisation Techniques (published 25 January 2018)
Information and examples on anonymisation concepts and techniques for personal data.
- Guide to Printing Processes for Organisations (published 3 May 2018)
Information to assist organisations and print vendors to put in place adequate measures in their printing processes to protect personal data against unintended disclosure.
- Technical Guide to Advisory Guidelines on the PDPA for NRIC and Other National Identification Numbers (published 31 August 2018) *NEW*
Information to provide organisations with tips for the replacement of national identification numbers as a way of identifying individuals in their websites and other public-facing computer systems.