May 23, 2019

Data Protection Officers' Work

Under the Personal Data Protection Act (PDPA) in Singapore, organisations are required to designate at least one employee, known as the Data Protection Officer (DPO), to oversee data protection responsibilities within the organisation. Agencies from both the public and private sectors are subject to the same standards of governing data practices under the PDPA.

In the last year alone, it was reported by CNA[1] that the country's Personal Data Protection Commission (PDPC) processed close to 3,000 data-related cases. These figures are certainly alarming, and it highlights that organisations in Singapore are not living up to expectations outlined by the data regulation watchdog.

Here’s how to get started

Appointed DPOs in every organisation have a crucial role to play in this modern age. For a start, the DPO has to ensure that data protection protocols are implemented, and good data protection habits are also well maintained by employees. DPOs should also regularly attend data protection workshops and refresher courses to further acquire more skills and knowledge in order to carry out their duties more effectively. The DPOs can then share the acquired knowledge with other employees such as personnel from the Human Resource (HR) department as they also handle employees’ data such as CVs, payroll and NRIC numbers.

Risk assessment exercises can be conducted by DPOs to review current data protection policies and flag out potential data security risks. Necessary measures to address these issues can then be implemented by the organisation. Regular internal risk assessments can also be carried out to ensure that the organisation maintains the desired level of data protection at all times.

In addition to that, DPOs are also tasked with educating and encouraging good data protection habits amongst employees within the organisation. For example, the DPO can introduce new data protection exercises such as the Shred-it All Policy and Clean Desk Policy. Partnering with a third-party data destruction provider will also provide an organisation with an all-rounded data security service, such as secure disposal methods. Taking proactive measures to secure your organisation’s data will benefit everyone in the long run – preventing potential monetary and reputational loss.

Start Protecting Your Business
Learn more about how Shred-it can protect your documents and hard-drives by contacting us for a free quote and a security risk assessment.

[1]Kevin Kwang. 2019. Singapore's data privacy watchdog fielded nearly 3,000 cases in 2018: S Iswaran. [ONLINE] Available at: [Accessed 8 April 2019].