Personal Data Protection Act and its Practical Applications

At the end of this workshop, the participants will be able to:
1. Understand what is the Personal Data Protection Act(PDPA).
2. Understand the 9 Key Obligations.
3. Know the meaning of Employment under the PDPA.
4. Understand the meaning of personal data and its application on employment
5. Understand the nine key obligations and its bearing on employment relationship.
6. Understand the process of collection of personal data by HR practitioners.
7. Know the duties of HR practitioners in relation to personal data of job applicants and
8. Understand the role of HR Practitioners in custodian and managing of personal data.

Content :
1. Introduction to Personal Data Protection Act (PDPA)
 Objectives of the data protection regime.
 Definition of business contact information, individual and organisation, data
intermediary ( outsourced payroll vendor ).

2. Meaning of Employment under PDPA
Definition of organisation
Definition of employment agency
Differences between organisation and employment agency in relation to personal

3. Meaning of Personal Data and its application on employment relationship.

4. The 9 Key Obligations under PDPA and its bearing on HR practitioners:
 Consent Obligation
 Purpose Limitation Obligation
 Notification Obligation
 Assess and Correction Obligation
 Accuracy Obligation
 Protection Obligation
 Retention Limitation Obligation
 Transfer Limitation Obligation
 Openness Obligation

5. Collection of personal data by HR practitioners:
i) What constitute to be consent given by job applicants.
ii) What constitute to be deemed consent by job applicants.
iii) Under what circumstances where HR practitioners need not seek consent from
job applicants:
o Personal data publicly available by HR practitioners
o Investigation or proceedings conducted by HR practitioners and its bearing on
o Usage of personal data by HR practitioner for evaluative purposes.
o Document produced in the course of employment.
o Need by HR practitioners for the managing and terminating employment.
o Business asset transaction as required in due diligence context by HR
o Circumstance whereby HR practitioners need to release personal data to the
proper authority.
iv) Withdrawal of consent by employees
v) Access to personal data by HR practitioners
vi) Use of personal data by HR practitioners
vii) Under what circumstances must HR practitioners need to disclosure of personal
viii)Accuracy of personal data furnished by HR practitioners.
ix) Protection of personal data as required by HR practitioners.
x) Retention of personal data as required by HR practitioners.
xi) Liability for breach of personal data by HR practitioners and its bearing on office

6. HR Practitioner and its duties governing PDPA
 Taking the role of Data Protection Officer ;
 Developing good policies for handling personal data in electronic and/or manual
form, that suit your organisation’s needs and comply with the PDPA;
 Communicating the internal personal data protection policies and processes to
customers, members and employees;
 Handling queries or complaints about personal data from customers, members and
 Alerting your organisation to any risks that might arise with personal data; and
 Liaising with the PDPC, if necessary.

7. HR Practitioners as custodian and managing of personal data.
 Set out how the personal data in custody may be well-protected.
 Classify the personal data to better manage housekeeping.
 Set clear timelines for the retention of the various personal data and cease to retain
documents containing personal data that is no longer required for business or legal
 For the transfer of personal data overseas, include the use of contractual agreements
with the organisations involved in the transfer to provide a comparable standard of
protection overseas.