Logo

Personal Data Protection Act (PDPA) 2010 and Standards 2015 and Implementing Compliance

Overview

Privacy is not an additional afterthought. It is a non-negotiable prerequisite.
 
With the exception of data usage in public transit, every company operating in Malaysia, local or foreign, that processes any kind of information must comply with the terms and conditions of the Personal Data Protection Act (PDPA) 2010.
 
This two-day course offers an intimate and analytical study of the PDPA and the legal pitfalls companies must avoid in order to safeguard their confidential data and the privacy of their employees. An emphasis shall also be given on the latest amendments and legislation that correspond to the PDPA.
 

 

 

Learning Outcomes

By the end of the Personal Data Protection Awareness training course, delegates will be able to:

  • Understand the application of the Personal Data Protection Act 2010 and its related offences as a result of non-compliance.
  • To reorganize daily workplace practices to be in stricter compliance with the data security measures in the PDPA.
  • Develop principles and mechanisms to detect and prevent unauthorized management and dissemination of Personal Data.
  • To develop and execute a "Risk Based Compliance Inspection Plan" to protect personal data.

Who Must Attend

[1] Directors, Chief Executive Officers, Chief Financial Officers, General Managers, Human Resource Managers, Compliance Officers. Marketing & Sales Managers, Business Entrepreneurs, Legal Advisor.
 

 [2] Delegates who handle personal data on a regular basis as part of their job functions from the following departments: 
 
• IT Legal & Compliance 
• Human Resources 
• Customer service 
• Internal Audit 
• Sales & Marketing 
• Accounting & Finance 

Course Details

Module 1: Personal Data Protection Challenges At the Workplace

  • Introducing PDPA 2010
  • The main Ingredients of PDPA 2010
  • Understanding Section 6 and Consent
  • Forms of Consent -Implicit/Validity/Explicit and how to be compliant
  • Managing Consent -How to obtain/Who consents/The process and compliance
  • Sensitive Personal data and consent
  • Ten Challenges for PDPA in the Digital Economy
  • Personal Data and Cloud computing
  • Guidelines on understanding Purpose under Section 6 PDPA 2010.

Module 2: Transparency of Data Handling and the Right To Be Forgotten

  • Primary duties of Data User under Section 7 PDPA 2010
  • Data User subject to Audit and Inspection
  • Due Diligence and role of Data User
  • Statutory duties of Data User under PDPA 2010
  • When must Notice be given
  • Elements for Notice S.7 Compliance – How to collect / Means of sources / Disclosure to Third parties and rights of Data Subject
  • Channels of communication – Best practice

Module 3: Issues and Implications of the Principles

  • Disclosure Principle and guidelines on when you can refuse to disclose or partially disclose;
  • Guidelines and understanding the Retention Principle and how it relates to Employees and former employees;
  • Guidelines on Disposal of Records as per Retention Principle - Reasons for destruction/Destruction Methods/documentation for disposal/Checklist
  • Guidelines and understanding the Data Integrity Principle
    Access Principle and guidelines on how and when to grant excess to access requests.

A discussion on how the principles will be used in the compliance system of the company.

Module 4: Security Guidance and Privacy Impact Assessment
This module looks at what constitutes a Personal data security breach and how such breaches can occur. It also considers how to avoid breaches, and the practical steps that should be taken when a breach occurs.

Key aspects of this module include:

  • Analysis of the Security Principle under Section 9 PDPA
  • How security principle used in relation to Nature of Data / Location / Third Party Outsourcing / Measures
  • Do’s and Don’ts of Data Security and Common Breaches as highlighted by MCMC / PDP office.
  • Data Security Standard -Implementation and Compliance
  • Assessing Risks and Impact
  • Compliance with Inspection Requirements

Module 5: Commissioner and understanding powers under S.104 to S.109 PDPA 2010

  • Powers of Investigations by PDP Officers
  • Penalties for Obstruction and search / seizure of data
  • Criminal Offences and Liabilities under the PDPA 2010
  • Punishment for contravention of the Act
  • Offences by body corporate
  • Contravention of the personal data protection principles
  • Processing of sensitive personal data in contravention to Section 40
  • Unlawful collection or disclosure of personal data
  • Personal Data Protection (Compounding of Offences) Regulations 2016

Module 6: [1] A Risk Based PDPA Compliance

  • Data Illegality
  • Data Irregularity
  • Untenable Data Support
  • Data Leak and Abuse

CASE STUDIES ON BREACH
2] Creating a high level data map

  • How to map this approach?
  • Turning data map into a data register
  • Reassurance and Risk
  • Operationalise Data Protection, and keep it living
  • identifying personal information to support the initial data map
  • Data Protection Impact Assessment template

Compliance for Section 6

  • Samples on Purposes for Section 6 and Guideline on how to draft the Purpose clause in documents
  • Effect of Personal Data Protections Regulations 2013
  • Drafting consent clause for marketing of products
  • Sample clauses for withdrawal of consent
  • Drafting caution into letters.

Compliance for Section 7

  • Discussion on Drafting the Consent Notice for various categories of Business sectors
  • Discussion on Drafting Consent Notice for Application forms/ Interview forms/ Confidentiality clauses on consent etc
  • Drafting the Notice and understanding how to draft the purpose clause in the Notice
  • Guidelines on different categories of Notices

Module 7: Compliance for The Personal Data Protection Standards 2015 [Mandatory]

  • The Data Security Standard distinguishes between conventional and electronic data management and prescribes various security measures in relation to each.
  • Data Retention Standard
  • Data Storage Standards
  • Data Integrity Standard
  • Data Security Standard

Module 8: Data Governance Strategies

  • Building awareness for all staff
  • Organisational and Operational measures
  • Benchmarking goals/objectives
  • Documentation and Audit
  • Implementation

Module 9: Updates 2019 – Proposed law to be introduced

  • Data Breach Notification
  • Details of the Data Breach
  • Containment or Control measures
  • Containing the Breach – Steps to take
  • Notification procedure
  • Format provided for DBN

Methodology

METHODOLOGY Interactive lectures, discussion, Q & A and Activities on all modules.
Materials:
1. Participant Booklet
2. Personal Data Protection Act 2010 [Relevant sections]
3. Standards 2015
4. Compliance Audit Checklists -Organizational and Management Issues
5. Adequacy Audit Checklists
6. Process Audit Checklist

Course Leader

R. KRISHNA MOORTHI Designation: Advocate & Solicitor
Professional Qualification MBA (Management), UKM
Professional Qualification LLB)Hons) London University of East London
Professional Certificate in Legal Practice 

Mr. Krishna was previously the Legal Manager in 2012 for a renowned franchise company in Kuala Lumpur for approximately 7 years and an active legal and corporate advisor to the CEO and group of companies. He had drafted many commercial agreements for the company including international clients from UAE, China, Jordan, Philippines which required his expertise. When PDPA was implemented in 2012, Mr. Krishna was asked by the CEO to formulate a PDPA procedure and compliance form, and he was the compliance officer to monitor the data received and used by the company. All departments within the organization had to refer to him to get approval to use personal data gathered from business owners for purposes of direct marketing. He had to strike a balance between the company’s interest and consumers to avoid breach of the PDPA 2010. He had extensive experience in the field and highly respected in the franchise industry and governmental agencies. Mr. Krishna is a formidable Advocate & Solicitor in various areas of law that he has represented and has always complied with the requirements of the law.
 
OR 
 
Other professional trainers.


To contact Mr Krishna for any speaking, training and consultancy engagements, :
please contact us at +603 8074 9056 | Mobile +6012 6869  628 | +6018 2735 123 or email: info@iTrainingExpert.com

Testimonies

“I had limited knowledge one PDPA before attending this course. The training helped me to understand the process necessary to be put in place in the company. It’s driven me to re-read and further gain additional knowledge on PDPA.”– Hana Rabi, Media Prima CJ O Shopping Sdn. Bhd.

“This training taught me the practical side of PDPA and made me feel much more knowledgeable about the law. The trainer is very good and has a vast knowledge of PDPA. If there are any other programs on say public speaking, I’d be interested to attend those.”Nurul, Clinical Research Malaysia.
 

"It has been an interesting sessions where the workshop has significantly increased my awareness on Personal Data act and its implications," S. Ryder, CEO, Eagleburgmann (M) Sdn Bhd
 

"After asking lots of questions during the workshop, I am more aware of my rights in giving out my pesonal data" KH, Chong, Eagleburgmann (M) Sdn Bhd
 

“From this PDPA course, I gained a lot of information that I need to know about PDPA which help in at work.”  – HR, UMP Holdings Sdn Bhd. 
 
“During the course, I learned that this course is directly applicable to my daily work. After the course, I feel that this PDPA should be carefully implemented to protect the company. This PDPA is a very good training. This Personal Data Protection Act course is a very useful course for anyone who is working in a corporate environment. Now I more aware on matters related to Personal Data Protection Act.” – Managing Director, UMP Holdings Sdn Bhd.  

 

Investment

Normal fee
Sign up 1 pax
Pay before course starts
MYR 1,390.00 per pax
USD 400.00
Early Bird
Sign up 1 person
Pay 14 days before course starts
MYR 1,090.00 per pax
USD 320.00
Group Fee
Sign up 3 pax or more
Pay 14 days before course starts
MYR 990.00 per pax
USD 290.00

E-Certificate
Upon successful completion of this program, you will receive a e-Certificate of Achievement. 

Payment mode:

1. Online Payment  by Credit card:  You can opt to register and pay online with our latest payment integration system through our website.

2. Telegraphic Transfer- You can also opt to use GIRO or telegraphic transfer of payment via international banks.

Contact us: ITRAININGEXPERT GLOBAL PLT
Tel:+603 8074 9056 | +603 8082 3707
Mobile: +6012 6869 628 | +6018 2175 123
Email: info@itrainingexpert.com
Website: www.iTrainingExpert.com

 

Registration Details

Select Course

Select Registration Type



IN HOUSE ENQUIRY

Related Courses

  • Drafting Commercial Contracts: Tenancies & Lawful Evictions

    In today's highly competitive and cost-conscious environment, understanding and managing your business or commercial contracts to avoid liability is an important part of business activity. Over 85% of business transactions are governed by contracts.

    Read More

  • Service Level Agreements (SLA); Understanding Buyers & Vendor Roles

    This training course will benefit all levels of personnel engaged in purchasing and procurement, commercial and contracts management departments, and technical operatives, Legal Counsels, Engineers providing performance under service level agreements

    Read More

  • Finance for Non-Finance Managers

    Learn Finance for Non Finance Training course in dubai to enhance your confidence in understanding figures at work so that you can make better decisions like an accountant and able to hold a logical and informed meeting with the bunch of Finance guys

    Read More