What You Need To Know About Data Protection Officers

What You Need To Know About Data Protection Officers

Did you know that the recent Personal Data Protection Act (PDPA) 2017 annual industry survey findings have highlighted that there are still a significant number of organisations who are not sufficiently aware of their responsibilities under the PDPA^[1]? In light of these results, the watchdog has been reaching out to increase awareness and compliance with the PDPA.

The Role of a Data Protection Officer (DPO)

To ensure that organisations in Singapore are on the correct path, it is mandatory under the PDPA to appoint a Data Protection Officer (DPO)^[2]. The DPO oversees an organisation’s data protection responsibilities and ensures compliance with the PDPA. Organisations are free to decide (according to their size and needs), whether the DPO function should be a dedicated responsibility or an additional function within an existing role in the organisation.

The DPO’s responsibilities include:

• Ensuring that the proper policies and processes for managing personal data are established and enforced and are compliant with the PDPA
• Promoting a data protection culture among team members within the organisation and ensuring stakeholders are aware of personal data protection policies and best practices
• Liaising with the PDPC on data protection matters^[3]
• Handling possible complaints or queries regarding an organisation’s protection of personal data
• Promptly informing management of any possible data protection risks^[4]

Practicing Good Data Protection Habits

Good data protection habits should be practiced by everyone, not just the DPO. Human Resource (HR) employees within an organisation are often targets of criminals as they are the keepers of personal data. HR employees should be diligent and store physical data correctly and securely. This can be done by storing confidential physical documents in a lockable cabinet that is only accessible authorised persons.

A reporter form Yahoo News Singapore last year wrote about the wealth of confidential information available to the public through carelessly disposed of paper documents^[5]. Sensitive information such as NRIC numbers, work permits and photocopies of passports can be easily mined with dire consequences such as identity theft. Organisations can reduce the risk of a physical data breach by implementing simple security policies such as:

• Shred-it All Policy – ensures that all documents are fully and securely destroyed
• Clean Desk Policy – helps to protect your organisation and encourages better productivity for employees
• Security Reminder Posters – serve as a reminder for employees to keep in mind their information security responsibilities

Having a DPO and practicing good data protection habits work hand in hand in reducing the risk of data breaches. Fostering a good data protection culture also reaps the benefits of enhanced trust and goodwill with existing and potential customers.

Start Protecting Your Business

To learn more about how Shred-it can protect your documents and hard drives, please contact us for a free quote and security risk assessment.