Logo

Personal Data Protection Act (PDPA) 2010 and Standards 2015 and Implementing Compliance

Overview

YB Dato' Sri Ahmad Shabery bin Cheek, Minister of Communications and Multimedia, has made announcement that the Personal Data Protection Act 2010 ("PDPA") comes into operation on 15 November 2013. With PDPA coming into force, data users will have a three-month transitional period to comply with its provisions in respect of existing personal data being processed, but will have to immediately comply with its provisions in respect of new personal data collected. 

The penalties for breaching the PDPA include the imposition of fines of up to RM500,000 and/or a term of imprisonment not exceeding two years. Directors, CEOs, COOS, managers or other similar officers have joint and several liability for non-compliance by the body corporate, subject to the due diligence defence. 

Will this affect me?

Both the public and private agencies who process their customers' personal data will need to reevaluate their current data privacy policies, processes and personal data management. Indiviuals will now have a new set of mandated rights, whereby they need to be informed about their personal data as well as the rights to access, correct and also to control the procession of the personal date by other parties.
 

Does this apply to my company?

This act is applicable to Malaysian companies that process personal data. Non-Malaysian companies who use equipment in Malaysia to process personal data is also subject to the PDPA. For non Malaysian companies, a designated Malaysian representative is required in this case. 

This training is specially crafted for those who need to know more about personal data protection and who has contact with personal data on a regular basis. 

There are some new regulations coming into Malaysia as of 25th May 2018. These regulations are known as the EU GDPR. The full name is European Union General Data Protection Regulation 2016 and malaysian companies dealng with EU data or storing their HR data in their EU parent company are bound by these regulations.

The implications for businesses that fall under the remit of the EU GDPR are significant. Organisations, which fail to comply will be subject to a fine of up to 4 percent of global turnover, or EUR 20 million, whichever is greater.
 

Learning Outcomes

By the end of the Personal Data Protection Awareness training course, delegates will be able to:

- Understand, implement and ensure compliance to the PDPA
- Understand, implement and ensure compliance to the EU GDPR (latest update)

Who Must Attend

[1] Directors, Chief Executive Officers, Chief Financial Officers, General Managers, Human Resource Managers, Compliance Officers. Marketing & Sales Managers, Business Entrepreneurs, Legal Advisor.
 

 [2] Delegates who handle personal data on a regular basis as part of their job functions from the following departments: 
 
• IT Legal & Compliance 
• Human Resources 
• Customer service 
• Internal Audit 
• Sales & Marketing 
• Accounting & Finance 

Course Details

Module 1: Data Protection At the Workplace
Discussion on General Principles on Personal Data Protection Act 2010
This module will look at how to:

    - Appreciate who and what is covered by Personal Data Protection rules
    - Understand the organisation’s policy and aims on personal data use
    - Overview of the Act
    - Know and apply the core principles for personal data use

Module 2: Criminal Offences and Liabilities under the PDPA 2010
    - Punishment for contravention of the Act
    - Offences by body corporate
    - Contravention of the personal data protection principles
    - Processing of sensitive personal data in contravention to Section 40
    - Unlawful collection or disclosure of personal data

Module 3: Notice and Choice Principle
    - When do you need to seek the consent of data subjects?
    - How do you seek consent and exemptions to consent
    - Channels of serving Notice to employees, contractors, supplies, vendors and visitors
    - Guidelines on Consent
    - Recognise when, and for what purpose staff / customer data may be used
    - Questions to ask when collecting Data.

Module 4: Compliance: The What, When and How
    - What do companies need to do in order to comply?
    - When do companies need to fully comply?

The Employer’s Perspective: Change of Approach Required?
The series of changes intended to be brought about by the Act will invariably affect the way employers approach employment issues where the employees’ personal information is involved.

    - Understanding applications to Employment Relationships
    - Understanding how the Employment Act 1955 affects Personal Data
    - How do companies set up an effective compliance framework?
    - Guidelines on understanding Purpose under Section 6 PDPA 2010.

Module 5: Issues and Implications of the Principles
    - Disclosure Principle and guidelines on when you can refuse to disclose or partially disclose;
    - Retention Principle in relation to Employees and former employees;
    - Data Integrity Principle
    - Access Principle
    - Activities relating to each Principle will be done.

Module 6: Benefit and Risks
    - Benefits and challenges in being PDPA complaint
    - Understanding the implementation of PDPA and the stages of Employment that is  
      Pre/Beginning/During and End of Employment.
    - Potential privacy related risks to organisations
    - Case study on personal data issues and impacts

Module 7: The Personal Data Protection Standards 2015
    - The Data Security Standard distinguishes between conventional and electronic data management
       and prescribes various security measures in relation to each.
    - Data Retention Standard focuses
    - Data Storage Standards
    - Data Integrity Standard
    - Data Security Standard

Module 8: Human Resource Department and PDPA principles
For Human Resources departments, meeting the requirements of data protection law can be particularly challenging. Holding and handling staff information carries significant legal responsibilities and risks. This module discusses key areas of compliance issues.

    - Ensuring that the recruitment and selection process meets legal requirements, including the content of  
      application forms, pre-employment vetting, criminal records, medical checks and the interview process
    - Retaining staff records, and appropriate periods of time for keeping information
    - Dealing with staff information requests – what must be disclosed and can be withheld
    - Disclosing staff information to outside third parties –the legal requirements that must be met before staff
       information can be sent outside the organisation
    - References and the rights of ex-members of staff
    - Monitoring staff activities and communication including using Managers, CCTV cameras and website
       technologies
    - Outsourcing functions to third party providers

Module 9: Security Guidance
This module looks at what constitutes a Personal data security breach and how such breaches can occur. It also considers how to avoid breaches, and the practical steps that should be taken when a breach occurs.  Key aspects of this module include:

    - Analysis of the Security Principle under Section 9 PDPA
    - Managing Information security
    - Data Security Standard -Implementation
    - Understanding risks to Personal Information
    - Taking a holistic approach to data security – staff vetting and access and other important organisational 
      measures that should be implemented
    - Knowing what to do in the event of a data protection breach

The Principles 2010 and Standards 2015 will provide protection to the individual’s personal data, thereby safeguarding the interests of consumers, and e-commerce, network and non network facility practitioners.

Module 10: European Union's General Data Protection Regulation (GDPR)
    - Why was the GDPR drafted?
    - When will the GDPR apply?
    - Who does the GDPR apply to?
    - Understanding the compliance to GDPR in details
 

Methodology

Interactive lectures, Activities, and discussion.
 
Personal  Data Protection Checklist  For Organisations will be emailed to Human Resource Manager to be shared with the Pro-tem Committee as a guide on the implementation exercise. 

Course Leader

AMBIGAH K
LL.B (Hons) London, CLP (Malaysia), TESOL (Canada)

Ambigah has 15 years of training and lecturing experience on legal topics including civil litigation like employment matters, company, corporate and banking issues. She is a PSMB licensed corporate trainer and Corporate Legal Adviser who has a vast  professional experience in the training industry.  She has excellent communication, writing, people and class management skills.
 
Work Experience 
 
- Trained and lectured for private companies and government entities.  Participants made up of managers, CEOs, CFOs, corporate and government support staff and executives.

- Legal Experience includes civil litigation like employment matters , company ,corporate and banking issues.
- Conducted seminars for Employment law including on mock Industrial hearings of Domestic Inquiries and the Personal Data Protection Act 2010 which includes follow up legal advice for Pro-tem comittees on PDP implementation and drafting of Consent letters as required under the Act.

- Trained for  the Federation of Manufacturers of Malaysia (FMM).

- Involved in advise and drafting of Human Resource policy and procedures. Also in the drafting of legal  letters and advice of legislation pertaining to proper administration of Human Resource issues.

- Some of the in-house and public programs include those from, NIAM (Persatuan Insuran Kebangsaan Malaysia), Honda, Petronas Fertilizer (Kedah), Suruhanjaya Syarikat Malaysia, Sime Darby, Malaysia Multimedia Commission, Penang Bridge Sdn Bhd., Solectron, Bax Global, TM, Yan Jin (M), Cititel Penang, Evergreen Laurel Hotel, Government Teachers in various schools, Smart Modular, Kwong Wah Yit Poh Press Berhad, Vitrox Technologies, Staff of UITM, Bank Negara, Dimerco Sdn.Bhd, G-Pile Sistem Sdn.Bhd., Masterskill (M) Sdn.Bhd, Subalipack (M) Sdn.Bhd, Mitsubishi Motors Malaysia Sdn.Bhd, Sumitomo Metals Sdn Bhd, Lembaga Koko, MARA and other government agencies and many more.


In summary, Ambigah

- When not conducting training programs, Ambigah Krishnan tends to her legal consultation especially in the corporate field.
- Legal programs enhanced with Legal Practitioner’s advice and opinions.  Imparting experience as Legal advisor and Litigation lawyer to be part of teaching of legal programs.
- Able to combine the elements taught in a specific program both soft skills and Legal with real life requirements for those on the job.


To contact Ms Ambigah for any speaking, training and consultancy engagements, :
please contact us at +603 8074 9056 | Mobile +6012 6869  628 | +6018 2735 123 or email: info@iTrainingExpert.com
 

Testimonies

“I had limited knowledge one PDPA before attending this course. The training helped me to understand the process necessary to be put in place in the company. It’s driven me to re-read and further gain additional knowledge on PDPA.”– Hana Rabi, Media Prima CJ O Shopping Sdn. Bhd.

“This training taught me the practical side of PDPA and made me feel much more knowledgeable about the law. The trainer is very good and has a vast knowledge of PDPA. If there are any other programs on say public speaking, I’d be interested to attend those.”Nurul, Clinical Research Malaysia.
 

"It has been an interesting sessions where the workshop has significantly increased my awareness on Personal Data act and its implications," S. Ryder, CEO, Eagleburgmann (M) Sdn Bhd
 

"After asking lots of questions during the workshop, I am more aware of my rights in giving out my pesonal data" KH, Chong, Eagleburgmann (M) Sdn Bhd
 

“From this PDPA course, I gained a lot of information that I need to know about PDPA which help in at work.”  – HR, UMP Holdings Sdn Bhd. 
 
“During the course, I learned that this course is directly applicable to my daily work. After the course, I feel that this PDPA should be carefully implemented to protect the company. This PDPA is a very good training. This Personal Data Protection Act course is a very useful course for anyone who is working in a corporate environment. Now I more aware on matters related to Personal Data Protection Act.” – Managing Director, UMP Holdings Sdn Bhd.  

Investment

Normal fee
Sign up 1 pax
Pay before course starts
MYR 1,590.00
USD 450.00
Early Bird
Sign up 1 person
Pay 14 days before course starts
MYR 1,390.00
USD 400.00
Group Fee
Sign up 3 pax or more
Pay 14 days before course starts
MYR 1,290.00
USD 370.00

(Fee inclusive of Buffet Lunch, Refreshment, Welcome Pack, Training Materials & Certificate of Achievement)
 

Certificate
Upon successful completion of this program, you will receive a Certificate of Achievement. 
Certificates are distributed on the final day of the program.
 

Payment mode:

1. ONLINE PAYMENT  by Credit card:  You can opt to register and pay online with our latest payment integration system through our website.
 

2. BANK IN CHEQUE
Bank in and then scan the Bank-in slip and email to us before the course commence to confirm your seat.
Courier your cheque payment to our Finance HQ.
* Note that we DO NOT take any payments during the event.

3. BANK IN CASH: You can also pay by cash through bank-in our company bank account.

4. Telegraphic Transfer- You can also opt to use GIRO or telegraphic transfer of payment via international banks.

Contact us:
ITRAININGEXPERT GLOBAL PLT
Tel:+603 8074 9056 | +603 8082 3707
Mobile: +6012 6869 628 | +6018 2175 123
Email: info@itrainingexpert.com
Website: www.iTrainingExpert.com

 

Registration Details

Select Course

Select Registration Type



IN HOUSE ENQUIRY