Data Protection Management

Demonstrate that sound and accountable data protection practices are put in place in the organisation. Develop a Data Protection Management Programme (DPMP) that covers policy, people and process, and operationalise the DPMP through guidelines and SOPs that can effectively handle personal data at various stages of its lifecycle.

Proficiency Level 1 | Proficiency Level 2 | Proficiency Level 3

Monitor and assess the organisation’s personal data protection policies and practices in order that they comply with the PDPA.

Develop and implement a DPMP that covers policy, processes, and people for the handling of personal data at each stage of its lifecycle.

Define a robust data protection strategy and drive the adoption of best practices to safeguard personal data and minimise the risk of personal data protection breach.



Risk Management (Data Protection)

Identify, assess and manage existing and potential data breach risks that impact the operation and/or profitability of the business, and develop and roll out company-wide strategies and processes to mitigate risks associated with the collection, use, disclosure and storage of personal data, minimise their impact or effectively manage such risks.

Proficiency Level 1 | Proficiency Level 2 | Proficiency Level 3

Identify risks associated with the collection, use, disclosure and storage of personal data and their impact and propose measures to manage risks.

Assess current and potential risks within a defined functional area, and develop risk countermeasures and contingency plans.

Manage threats and potential risks, and define the overarching personal data protection-related risk management strategy for the business.



Data Breach Management

Manage personal data breach incidents, which include containment of breach, assessment of impact and risk involved, notification to relevant regulators and stakeholders and implementation of prevention policies and processes.


Proficiency Level 1 | Proficiency Level 2 | Proficiency Level 3

Provide timely updates on incident and status reporting, and identify the affected individuals, systems, and types of personal data involved.

Design a data breach management plan and review recommendations for alternate recovery processes and back up procedures.

Anticipate future needs of the organisation's personal data protection infrastructure, and apply relevant global best practices to the organisation's data breach management plan, policies and guidelines.




Stakeholder Management

Manage stakeholders’ expectations and work with stakeholders to apply change management for alignment with the organisation’s goals, policy, processes or technologies. This involves planning of actions to implement strategies for effecting change, effective communication with stakeholders, training for staff, and education on personal data protection policies and practices.


Proficiency Level 1 | Proficiency Level 2 | Proficiency Level 3

Identify and map out the key stakeholder relationships, needs and interests, and coordinate with stakeholders on a day-to-day basis.

Serve as the organisation's main personal data protection contact point for stakeholder communications, clarifying responsibilities among stakeholders, and engaging them to align expectations.

Define a strategic stakeholder management roadmap, and lead in regional and group-wide Data Protection-related discussions and negotiations, addressing escalated issues or problems encountered.



Data Protection Audit & Assurance

Develop compliance processes and an audit plan for the organisation to review adherence to personal data protection policies and processes. This also includes the actual conduct / audit checks on the business functions within the organisation and data intermediary undertaking the outsourced work.

Proficiency Level 1 | Proficiency Level 2 | Proficiency Level 3

Conduct audits, analyse results and implement changes to address identified gaps.

Utilise a checklist to provide evidence that data protection policies and processes are implemented and practised on the ground.

Develop and enhance compliance processes based on an evaluation of gaps in business operations and data protection requirements.

Propose solutions to identified areas of improvement and work with stakeholders to ensure gaps are remedied.

Establish audit and compliance strategy and objectives for the organisation, ensuring the robustness of internal controls is strengthened.

Align the organisation’s data protection policies and processes to be consistent with the relevant data protection standards in other countries and apply them to improve data protection management.



Data Governance

Establish a data governance strategy that supports both data protection and innovation. It includes the implementation of a governance structure for making decisions on data-related matters, defining the roles and responsibilities of each officer identified in the organisation. This would require understanding of the business domain/imperatives in order to determine and balance the need to safeguard data and to derive business value through the innovative use of data.

Proficiency Level 2 | Proficiency Level 3

Develop and implement organisational-level data governance strategy and structure to support the decision making process on data-related matters and enforce adherence to data policies, procedures, and practices within the organisation.

Establish a group/regional-level data governance strategy for data protection and innovation, and develop a data governance structure to guide policies and practices.



Data Ethics

Develop and promote adoption of ethical principles to improve transparency, accountability and auditability for stakeholders, and to mitigate the business risk of poor ethical decisions and practices. The competency includes implementing global and industry best practices across the organisation for ethical considerations to be incorporated into data-driven/AI initiatives that will build consumer trust and confidence.

Proficiency Level 1 | Proficiency Level 2

Identify unethical practices throughout the data supply chain and mitigate business risks through ethical controls.

Develop a code of ethics and establish robust ethical controls throughout the data lifecycle and supply chain.



Data Sharing

Establish processes and procedures that enable the organisation to share and utilise data in an effective manner. This includes performing data valuation to assess and value data for sharing, and integrating the data of the organisation to ensure their viability and ability to drive business value.

Proficiency Level 1 | Proficiency Level 2

Implement personal data sharing policies with strategic utilisation and exploitation of data assets to generate business value for the organisation.

Guide business functions to take the appropriate approach for sharing of personal data and data valuation within the organisation or group of organisations when developing new products or services.



Data-driven Design Thinking

Incorporate personal data protection requirements as part of the design thinking processes for data-driven activities. This requires integration of user-centric experience with the personal data protection management and business strategy. A cohesive data-driven design journey will include reviewing of the organisation's processes to support the development of new products or services. Contribute to the organisation’s data-driven design thinking process by ensuring that the data that are obtained, processed or shared as part of the development of innovative products and services are handled according to relevant data protection regulations.


Proficiency Level 1 | Proficiency Level 2

Advise on best practices and PDPA obligations so that the organisation continues to comply with local data protection requirements while it strives towards developing innovative products and services to improve customer experiences.

Apply a design-thinking approach to develop new Data Protection services or tools to address the internal stakeholders’ challenges in complying with the organisation’s data protection policies and processes.


Last updated on 17 July 2019