Undertakings
PDPC may accept an undertaking from an organisation that has potentially contravened the Personal Data Protection Act 2012 (“PDPA”). The process is intended to allow organisations to implement a remediation plan that will not only rectify the immediate breach, but also address any systemic shortcomings to ensure compliance with the PDPA on a continual basis. In considering whether to accept an undertaking, PDPC will examine the effectiveness of the remediation plan proposed by the organisation, and the organisation’s readiness to implement it.
For more details, please refer to PDPC’s Guide on Active Enforcement.