Personal Data Protection Act 2010 & Standards 2015 and Compliance Implementation

29 Nov, 2017, Furama Hotel Kuala Lumpur

IPA Training is Registered with

Learn from the Best

AMBIGAH KRISHNAN
LL.B (Hons) London, Certificate In Legal Practice (Malaysia), TESOL (Canada).

 

Ambigah Krishnan has more than 15 years of training and corporate experience on Law topics. She is a PSMB licensed corporate trainer [Licence No TTT/3886] and Corporate Legal Adviser who has vast professional experience in the training industry. She has excellent communication, writing, people and class management skills.

 

Work Experience
Ambigah Krishnan is an experienced lawyer and trainer and has been involved in civil litigation, employment matters, Employment Law and IR, company matters, corporate, banking issues and Testamentary issues including the writing of Wills. She has trained and lectured for private companies and government entities.

 

Areas Trained
She has conducted courses for the Personal Data Protection Act 2010 & Standards 2015 and is experienced in project management on Personal Data Protection Compliance implementation, Employment law including mock Industrial hearings of Domestic Inquiries, Law relating to Termination under Malaysian Labour law, Employment Law for HR and Non HR Managers, Tenancy laws and Procedure, Drafting Commercial Contracts and Terms, Seminar on Prevention of Staff Fraud in association with PDRM, Entrepreneur seminars for fresh graduates and business community.

 

She has trained for the Federation of Manufacturers of Malaysia (FMM) in areas of Contract law.

 

Publications
She has been involved in advising on and drafting Human Resource policies and procedures and has written a Human Resource Manual for the corporate sector. She is also involved in drafting and advising on personal data processes, procedures and policies for the implementation of the Personal Data Protection Act 2010 and the Standards 2015.

Ambigah is also actively involved in legal consultation, especially in the corporate field.

 

Industry Experience
Trained for Telecommunication sector, Health sector, Finance sector, Government of Malaysia, Insurance sector, Government Linked Companies, Auto Industry sector and Manufacturing sector.

Venue Details

Furama Hotel Kuala Lumpur
136, Jalan Changkat Thambi Dollah 55100 Kuala Lumpur,
Phone : 03 2788 8888


Contact us

Juliany,
03 2283 6109
juliany@ipa.com.my

Phoebe,
03 2283 6100
phoebe@ipa.com.my 

FOR CUSTOMISED IN-HOUSE TRAINING
Jane,
03 2283 6101
Jane@ipa.com.my

ADDRESS 
A-28-5, 28th Floor, Menara UOA Bangsar, 
No.5, Jalan Bangsar Utama 1, 
59000 Kuala Lumpur
www.ipa.com.my

FOCUSING ON
  • Module 1: Data Protection At the Workplace
  • Module 2: Notice and Choice Principle
  • Module 3: Compliance: Drafting the What, When and How Issues and Implications of the Principles and Procedures
  • Module 4: Data sharing Arrangements
  • Module 5: Compliance [Mandatory] under the Personal Data Protection Standards 2015
  • Module 6: Human Resource Department and PDPA principles
  • Module 7: Security Guidance
  • Module 8: Guide to implementing Policies and Procedures for Compliance
OVERVIEW

This 1-day PDPA course enables delegates to understand the legal requirements of compliance that apply to key areas of their daily working lives. The course is tailor-made with a practical focus on answering the day-to-day questions which may arise in relation to the participant's organization's handling of personal data, with the trainer giving concrete examples.

Malaysia Communication and Multimedia Commission [MCMC] is the governing body for ensuring companies are in compliance with the Personal Data Protection Act 2010. In 2015 the Commissioner issued, for the first time, Personal Data Standards to be maintained, and they are part of the law. The Commissioner has further tightened the Standards 2015 by enforcing the Regulations under Section 132, passing the Personal Data Protection (Compounding of Offences) Regulations 2016. This move has signalled that there will be more prosecutions from 2016 onwards.

Companies ignoring the PDPA law will face stiff penalties under the Criminal Law, with penalties ranging from RM100,000 to RM500,000 per offence and a jail term.

OBJECTIVES

This course educates delegates on the legal and practical know-how necessary to implement the law and to comply with the PDPA.

WHO SHOULD ATTEND
  • Directors, Chief Executive Officers, Chief Financial Officers, General Managers, Human Resource Managers, Compliance Officers, Marketing & Sales Managers, Business Entrepreneurs, Legal Advisors
  • Delegates who handle personal data on a regular basis as part of their job functions from the following departments:
    - IT, Legal & Compliance
    - Human Resources
    - Customer service
    - Internal Audit
    - Sales & Marketing
    - Accounting & Finance
METHODOLOGY
  • Interactive lectures, discussion, Q & A and Activities on all modules.
  • Materials:
    1. Participant Booklet
    2. Personal Data Protection Act 2010 [Relevant sections]
    3. Standards 2015
    4. Personal Data Regulation 2013
    5. Personal Data Checklist
  • There will be Q & A sessions throughout the 1 day course.

COURSE CONTENT
9:00 Module 1: DATA PROTECTION AT THE WORKPLACE

Discussion on General Principles on Personal Data Protection Act 2010
This module will look at how to:

  • Appreciate who and what is covered by Personal Data Protection rules
  • Understand the organisation’s policy and aims on personal data use
  • Overview of the Act
  • Know and apply the core principles for personal data use and understanding Personal data Audit.

Module 2: NOTICE AND CHOICE PRINCIPLE
  • Understanding the Privacy Notice and Jurisdiction of granting Consent
  • How to draft a Privacy Notice
  • Drafting Privacy Notification Prior To Data Processing & Samples [The company's documentation will be reviewed and notification can be added to show how to be compliant]
  • Guidelines on understanding Purpose and Drafting the same under Section 6 PDPA 2010.
  • What type of Purposes do you need to add to your Privacy Notice?
  • Guidelines on Consent & Explicit Consent and drafting consent into the company’s forms.
  • Implementing Compliance of Privacy Notice and Administrative Documentation at the Workplace will be discussed.
10:45 Module 3: COMPLIANCE: DRAFTING THE WHAT, WHEN AND HOW ISSUES & IMPLICATIONS OF THE PRINCIPLES AND PROCEDURES
  • Disclosure Principle and guidelines on when you can refuse to disclose or partially disclose;
  • Procedures on Disclosure
  • Procedure on Access at the Workplace
  • Procedure on Retention of Records and other documents at the workplace

    Exercises and Presentation on Section 8, Section 10, Section 11 & Section 12 compliance will be carried out.
12:00 Module 4: DATA SHARING ARRANGEMENTS
  • Data Sharing Agreement contents
1:00 Lunch

2:00 Module 5: COMPLIANCE [MANDATORY] UNDER THE PERSONAL DATA PROTECTION STANDARDS 2015

  • The Data Security Standard distinguishes between conventional and electronic data management and prescribes various security measures in relation to each.
  • Data Retention Standard including Records management
  • Data Storage Standards including procedures for storage in Warehouses and Storage rooms
  • Data Integrity Standard
  • Data Security Standard
  • How to do Compliance under the Standards 2015 and interfacing it with the Personal Data Protection Act 2010.

    Exercises and Presentations on Implementation for compliance of 2015 Standards will be done. Ideas will be shared on how and what needs to be done for the 2015 Standards.

Module 6: HUMAN RESOURCE DEPARTMENT & PDPA PRINCIPLES

For Human Resources departments, meeting the requirements of data protection law can be particularly challenging. Holding and handling staff information carries significant legal responsibilities and risks.

This module discusses key areas of compliance.

  • Ensuring that the recruitment and selection process meets legal requirements, including reviewing the content of application forms, pre-employment vetting, criminal records, medical checks and the interview process in the light of Compliance
  • How to deal with Outsourcing functions to third party providers
  • Legal Advice on what and how to ensure company documentation is in compliance will be carried out.
3:45 Module 7: SECURITY GUIDANCE
This module looks at what constitutes a Personal data security breach and how such breaches can occur. It also considers how to avoid breaches, and the practical steps that should be taken when a breach occurs. Key aspects of this module include:
  • Analysis of the Security Principle under Section 9 PDPA
  • Guide to Managing Data Breaches – How Data breaches occur
  • Data Breach Management Plan
  • Assessing Risks and Impact – On Individuals / On Organisations
  • Reporting the Incident

    Exercises and Presentation on Response Plan, Section 9 and Risk Management
4:30 Module 8: GUIDE TO IMPLEMENTING POLICIES AND PROCEDURES FOR COMPLIANCE
  • Drafting Data Access Request
  • Drafting Data Subject Correction Request
  • Drafting of Records under Standards 2015
  • Drafting of Schedules for disposal under Standards 2015
  • Drafting Letters of authorization to use personal data
  • Policies on BYOD as part of Manual for PDP
  • Policies on use of media devices as part of Manual for PDP
  • Policies on access and disclosure as part of Manual for PDP
  • Policies on Retention as part of Manual for PDP
5:30 End of Course