We recommend that companies operating in Singapore review their standard service agreements and existing agreements with suppliers to ensure they comply with the standard clauses. As a general rule, an organization that contracts for data processing remains, by law, primarily responsible for these processing activities, even if a breach is caused by the contractor. This is why the terms of the service contract in which the organization hires the contractor are extremely important. The guidelines provide detailed information on the complexity of the responsibilities of international data protection rules. “Data, true or not, of a person who can be identified from this data; or from this and other information that the organization has or should have access to. These include unique identifiers; photographs or video images of a person; and all the data that, together, would be able to identify the person. While much of the content of the sample clauses is consistent with generally proven trade agreements on data processing, there are a few points to remember: The Personal Data Processing Agreement (PDPA) contributes to the UW`s privacy values and principles and addresses laws and regulations governing the protection of personal data. The data protection authority also defines the purpose and parameters of data processing and clarifies the roles and responsibilities between the UW and a contractor. Are you ready for the RGPD or the EU`s General Data Protection Regulation? After all the adjustments you may have already made to the Singapore Data Protection Act (PDPA) in 2014, you may think that you have already protected your customers` personal data. But the RGPD is very different from the PDPA. “Any specific, explicit and unequivocal indication of the person`s wishes for a clear positive statement or action to give consent to the handling of personal data about him or her” The Singapore Data Protection Commission (PDPC) continues to be actively involved in the development of advice guidelines and practical guidelines to assist companies in complying with the Personal Data Protection Act 2012.
Last week, the PDPC released several new guidance documents to help companies develop and verify their data management practices (the “guides” available here): explains how a contractor should react when it discovers a data breach. In addition, UW can determine how its compliance obligations and communication with and/or support from individuals who have entrusted their personal data to UW can best be managed. “The EU General Data Protection Regulation (GDPR) replaces Data Protection Directive 95/46/EC and aims to harmonize data protection legislation across Europe, to protect and strengthen the data protection of all EU citizens and to reorganise the way regional organisations attack data protection.” – Processing data that individuals would consider intrusive or reasonably unlikely when their personal data was first uploaded to the UW. Standard clauses require, among other things, contractors to use personal data solely for the purpose of providing services or to comply with the law; Implementing specific agreed security measures; processing personal data only in Singapore, unless it agrees; Limit access to personal data to only certain people return or destroy personal data after the termination or expiry of the contract; Take appropriate steps to ensure the accuracy of personal data and inform the organization of any violations.