This month, the Commission has issued three Undertakings.

The Undertakings address breaches arising from ransomware attacks and system vulnerabilities, affecting the personal data of over 8,000 individuals across employee databases, membership systems, and physical servers.

To remediate the incidents and strengthen long-term compliance with the PDPA, the organisations involved have committed to measures such as:

• Conducting security audits and patching long-standing system vulnerabilities
• Enhancing firewall and endpoint protections
• Implementing vendor management and firmware update policies
• Implementing data loss prevention tools and regular cybersecurity training

The PDPC has accepted these Undertakings after considering the nature of the incidents, the types of personal data involved, and the remedial steps committed by the organisations.

Access the Undertakings here.