Half day public seminar on pdpa 2010 - 250711

Post on 24-May-2015


These slides consist of the strategic talking points delivered at the Half-Day Public Seminar on the Malaysian Personal Data Protection Act 2010 by Noriswadi Ismail of Quotient Consulting. (c) 2011 Quotient Consulting. For further academic enquiries, research and potential collaborations/consulting opportunities, please contact

Transcript of Half day public seminar on pdpa 2010 - 250711

HALF-DAY PUBLIC SEMINAR ON MALAYSIAN PERSONAL DATA PROTECTION ACT (PDPA) 2010

25 July 2011, Monday, 9.30 am – 12 pm

Legal Training Room, Menara SSM @ Sentral

By Noriswadi Ismail

Quotient Consulting

04/12/23 (c) 2011 Quotient Consulting, Information Is Invaluable

Vignette 1

Harimau Malaya, Malaysian, holds a Malaysian ID, passport, driving license, 3 Malaysian bank accounts, 2 mobile accounts and 5 loyalty membership cards. His details are also registered in 2 private clinics, 1 government hospital and 2 insurance companies. He has 1 bank account in London and Hong Kong respectively. He travels frequently for business and golfing. He is a director of 3 companies in Malaysia, London and Hong Kong. Also, an avid golfer of 3 golf clubs (Malaysia, Indonesia and Scotland).

Executive Summary

Q: What is PDPA 2010?

Q: Why do we need to comply with PDPA 2010?

Q: What are the 7 data protection principles?

Q: Will PDPA 2010 kill my business operations?

Q: To what extent does PDPA 2010 affect your business operations?

Q: We are a start-up and a semi medium sized company, how should we strategise?

Q: When should we start?

Q: Is there any additional compliance cost for this purpose?

Q: How about formality and enforcement?

Q: What’s next and the must-do list?

Q: How to ensure such data protection & privacy management is sustainable?

What is PDPA 2010?

::: An Informational privacy legislation

::: 10 Parts (Preliminary, Personal Data Protection Principles, Registration, Data User Forum and Code of Practice, Rights of Data Subject, Exemption, Personal Data Protection Fund, Personal Data Protection Advisory Committee, Appeal Tribunal, Inspection, Complaint and Investigation, Enforcement, Miscellaneous, Savings and Transitional Provisions)

::: 146 Sections

::: Jurisdiction: Malaysia

What is PDPA 2010?

::: Received Royal Assent on 2 June 2010, and gazetted a week later

::: Compliance commences: 3 months from the date of enforcement

::: Application: To commercial transactions only, not applicable to Federal and State Governments

::: Cross reference to: Electronic Commerce Act 2006’s definition on commercial transactions “…any transaction of a commercial nature, whether contractual or not, which includes any matters relating to the supply or exchange of goods or services, agency, investments, financing, banking, insurance, but does not include a credit reporting business carried out by a credit reporting agency…”

What is PDPA 2010? *Regulator

Why do we need to comply with PDPA 2010?

What are the 7 data protection principles?

Will PDPA 2010 kill my business operations?

::: Yes, if your business operations are inconsistent and non-compliant with the PDPA 2010’s 7 data protection principles;

::: Yes, if your business operations do not have the necessary framework, control, management and monitoring of the 7 data protection principles’ requirements;

::: No, as PDPA 2010 enhances trust, value and reputation of your business; and

::: No, as PDPA 2010 seeks to safeguard all of your data

To what extent does PDPA 2010 affect your business operations?

We are a start-up and a semi medium sized company, how should we strategise?

When should we start?

Vignette 2

Keranamu is a Government Consultant who advises on the strategic acquisition of certain stakes in Company 76, a public listed company incorporated in Hong Kong. The proposed acquisition is channeled through a leading Government Investment arm. Company 76 appoints a European-based consultant to act on their behalf in the negotiations.

Is there any additional compliance cost for this purpose?

::: Yes, subject to the budget, resource planning & business plans

::: No, if it has been anticipated

How about formality and enforcement?

Vignette 3

Truly Asia Travels & Tours has been appointed by some governmental agencies and private companies as their exclusive travel agent. The terms of reference include managing flight, hotel, travel itinerary and related bookings. The processing of data subjects' data, together with its transfer and sharing, is done globally.

What’s next and the to-do list?

::: Strategic planning

::: Resource planning

::: Dissemination planning

How to ensure such data protection & privacy management is sustainable?

Vignette 4

Hospitals A1, A2 & A3 are government hospitals. These hospitals deal with patients, who mostly consist of the public, and engage with local and international consultants.

Vignette 5

Universities B1, B2 & B3 are public universities. These universities engage with local and international students, consultants, international academics and universities globally.

THANK YOU

London. Kuala Lumpur. Jakarta

 Data Diagnosis | Privacy Impact Assessment | Data Protection & Privacy Strategy

Training | Data Protection & Privacy Certification | Public & Private Consultations

<noriswadi@googlemail.com>
