Step 1: Appoint a Data Protection Officer (DPO)
Designate at least one person to develop your organisation’s personal data policies and oversee compliance with the PDPA. The DPO function may be a dedicated responsibility or an additional function within an existing role in the organisation.
Find out more about the DPO’s role here.
Step 2: Map Out Your Personal Data Inventory
Develop an inventory of all the personal data that your organisation has, and capture details of the data lifecycle from collection to disposal.
This includes, but is not limited to:
- How and where the data was collected;
- Whether and how consent was obtained;
- The purpose of collecting the data; and
- How it is being used.
Auditing and indexing the inventory will enable your organisation to manage its personal data records more effectively.
Step 3: Implement Data Protection Processes
With the personal data inventory in place, your DPO should review the organisation’s personal data protection practices and align them with the PDPA.
Please refer to the Guide to Developing a Data Protection Management Programme for more information.