Personal Data Protection Act 2010 & Standards 2015 and Compliance Implementation

30 Jun, 2022, Remote Online Training - Public

Learn from the Best

AMBIGAH KRISHNAN
Advocate & Solicitor
LL.B (Hons) (London), Certificate In Legal Practice (Malaysia), TESOL (Canada)

 

Ambigah Krishnan has more than 15 years of training and corporate experience on Law topics. She is a PSMB licensed corporate trainer [Licence No TTT/3886] and Lawyer who was called to the Malaysian Bar in 1996 and admitted as Advocate and Solicitor of the High Court of Malaya. Ambigah Krishnan trains in West Malaysia, Sabah, Sarawak and Brunei Darussalam. She has vast professional experience in the training industry. She has excellent communication, writing, people and class management skills.

 

Work Experience
Ambigah Krishnan is an experienced lawyer and trainer and has been involved in PDPA seminars and implementation at the workplace since its inception in 2013.

 

She is also involved in areas relating to Contract Law, civil litigation, Risk compliance, Anti-Corruption laws and areas of Fraud prevention, Employment Law and IR, company matters, corporate, Dispute Resolution, banking issues and Testamentary issues including the writing of Wills. She has trained and lectured for private companies and government entities. Participants have included managers, CEOs, CFOs, corporate and government support staff and executives.

 

Areas Trained
Ambigah Krishnan conducts seminars for Employment law and Industrial Relations law including mock Industrial hearings of Domestic Inquiries, Law relating to Termination under Labour laws, Employment Law for HR and Non HR Managers, Grievance Handling for Heads of Department, Tenancy and Leases law and Procedure, Precision Drafting / Writing Commercial Contracts Advance Level, Contract Management, Purchasing Contracts and issue of liability for Vendors, Suppliers and Procurement Managers, Seminar on Prevention of Staff Fraud in association with PDRM, Anti-Corruption and Corporate Liability under MACC Act 2009/2018, the Personal Data Protection Act 2010 & Standards 2015 and Personal Data Protection Compliance implementation, EU GDPR 2018 including conference speaker for APEC, Information Security Training; Entrepreneur seminars for fresh graduates and business community.

Publications
Involved in advice and drafting of Human Resource policies and procedures and writing Human Resource Manual for the corporate sector and drafting Policies, procedures and processes for Personal Data Protection Compliance.

 

Benefits of hiring Ms. Ambigah Krishnan
Ms. Ambigah’s forte in conducting legal programs is that she enhances them with a legal practitioner’s advice and opinions. She also draws on her experience as a legal advisor and litigation lawyer when teaching legal programs.

 

She is able to combine the elements taught in a specific program, both soft skills and legal, with real-life requirements for those on the job.

 

Industry Experience
Trained for Telecommunication sector, Health sector, Finance sector, Government of Malaysia, Insurance sector, Government Linked Companies, Auto Industry sector, Manufacturing sector and Oil & Gas Industry.

 

Venue Details

Remote Online Training - Public

Contact us

Juliany,
03 2283 6109
juliany@ipa.com.my

Phoebe,
03 2283 6100
phoebe@ipa.com.my 

FOR CUSTOMISED IN-HOUSE TRAINING
Jane,
03 2283 6101
Jane@ipa.com.my

ADDRESS 
A-28-5, 28th Floor, Menara UOA Bangsar, 
No.5, Jalan Bangsar Utama 1, 
59000 Kuala Lumpur
www.ipa.com.my

FOCUSING ON
  • Module 1: Personal Data Protection Challenges At the Workplace
  • Module 2: Transparency of Data Handling and the Right To Be Forgotten
  • Module 3: Understanding S.10 / S.11 / S.12 Issues and Implications of the Principle
  • Module 4: Security Guidance and Privacy Impact Assessment
  • Module 5: Compliance for Departments and PDPA principles For Human Resources departments
  • Module 6: Commissioner and understanding powers under S.104 to S.109 PDPA 2010
  • Module 7: Compliance for Section 6 & 7 [Participant to use own documents for audit for compliance] and Procedures and Policies based on the 7 Principles for the Workplace.
  • Module 8: Compliance for The Personal Data Protection Standards 2015 [Mandatory]
  • Module 9: PDPA and COVID-19
OVERVIEW

This 1-day PDPA training course enables participants to understand the legal requirements of compliance that apply to key areas of their daily working lives.

This course is tailor-made with a practical focus on answering the day-to-day questions which may arise in relation to the handling of personal data by the participant’s organisation, with the Course Leader giving concrete examples. The Course Leader will also share her experience in implementing PDPA compliance at the workplace.

AFTER ATTENDING THIS COURSE YOU WILL RETURN TO YOUR JOB…
  1. Understanding the application of the Personal Data Protection Act 2010 and its related offences as a result of non-compliance.
  2. Reorganizing the practices and processes at the respective work areas to support data protection in line with the Personal Data Protection Act 2010.
  3. Increasing data integrity and ensuring business continuity without contamination and infringement.
  4. Developing principles and mechanism to detect and prevent unauthorized management and dissemination of Personal Data.
  5. Developing and Executing a Risk Based Compliance Inspection Plan to protect Personal Data.
  6. Obtaining ideas to implement PDPA requirements successfully at the workplace.
WHO SHOULD ATTEND
  • Directors, Chief Executive Officers, Chief Financial Officers, General Managers, Human Resource Managers, Compliance Officers, Marketing & Sales Managers, Business Entrepreneurs, Legal Advisors
  • Personnel who handle personal data on a regular basis as part of their job functions from the following departments:
    - IT, Legal & Compliance
    - Human Resources
    - Customer service
    - Internal Audit
    - Sales & Marketing
    - Accounting & Finance
METHODOLOGY
Highly Interactive Session, with a bilateral approach to the subject matter allowing participants to share incidents at respective work locations, Discussion, Case Studies, Mind Mapping and Recap Sessions, Mini Workshop Session – allowing participants to develop their own process and to support subject matter and work in synergy with other participants.

Companies ignoring the PDPA law will face stiff penalties under the Criminal Law with penalties ranging from RM100,000 to RM500,000 per offence and jail term.
COURSE CONTENT
9:00

MODULE 1: PERSONAL DATA PROTECTION CHALLENGES AT THE WORKPLACE

  • Introducing PDPA 2010
  • The main Ingredients of PDPA 2010
  • Understanding Section 6 and Consent
  • Forms of Consent - Implicit/Validity/Explicit and how to be compliant
  • Managing Consent - How to obtain/Who consents/The process and compliance
  • Sensitive Personal data and consent
  • Personal Data and Cloud computing
  • Guidelines on understanding Purpose under Section 6 PDPA 2010.


 

MODULE 2: TRANSPARENCY OF DATA HANDLING AND THE RIGHT TO BE FORGOTTEN

  • Primary duties of Data User under Section 7 PDPA 2010
  • Data User subject to Audit and Inspection
  • Due Diligence and role of Data User
  • Statutory duties of Data User under PDPA 2010
  • When must Notice be given
  • Elements for Notice S.7 Compliance – How to collect / Means of sources / Disclosure to Third parties and rights of Data Subject
  • Channels of communication – Best practice

 

10.45

MODULE 3: UNDERSTANDING S.10 / S.11 / S.12 ISSUES AND IMPLICATIONS OF THE PRINCIPLE

  • Disclosure Principle and guidelines on when you can refuse to disclose or partially disclose;
  • Guidelines and understanding the Retention Principle and how it relates to Employees and former employees;
  • Guidelines on Disposal of Records as per Retention Principle - Reasons for destruction / Destruction methods / Documentation for disposal / Checklist
  • Guidelines and understanding the Data Integrity Principle under S.11;
  • S.11 possible offences committed by companies and understanding of incorrect, inaccurate and not up-to-date data, and the relation of the rights of individuals under Section 12 to counter Section 11 offences.
  • Access Principle under S.12 and guidelines on how and when to grant access requests.
  • Guidelines on requestor access requests

A discussion on how the principles will be used in the compliance system of the company.

MODULE 4: SECURITY GUIDANCE AND PRIVACY IMPACT ASSESSMENT

This module looks at what constitutes a personal data security breach and how such breaches can occur. It also considers how to avoid breaches, and the practical steps that should be taken when a breach occurs.

Key aspects of this module include:

  • Analysis of the Security Principle under Section 9 PDPA
  • How the Security Principle is used in relation to Nature of Data / Location / Third Party Outsourcing / Measures
  • Do’s and Don’ts of Data Security and Common Breaches as highlighted by MCMC / PDP office.
  • Data Security Standard - Implementation and Compliance
  • Assessing Risks and Impact
  • Compliance with Inspection Requirements

OVERVIEW ON PDPA UNDERSTANDING AND IMPLEMENTING PDPA ESSENTIALS AT THE WORKPLACE.

  • This will include must-have documentation for compliance
  • The policies that cover the Principles under PDPA
  • Other aspects of PDPA implementation at the workplace.

 

12.00

MODULE 5: COMPLIANCE FOR DEPARTMENTS AND PDPA PRINCIPLES FOR HUMAN RESOURCES DEPARTMENTS

Meeting the requirements of data protection law can be particularly challenging. Holding and handling staff information carries significant legal responsibilities and risks. This module discusses key areas of compliance.

  • Ensuring that the recruitment and selection process meets legal requirements, including the content of application forms, pre-employment vetting, criminal records, medical checks and the interview process
  • Retaining staff records, and appropriate periods of time for keeping information
  • Dealing with staff information requests – what must be disclosed and can be withheld
  • Disclosing staff information to outside third parties – the legal requirements that must be met before staff information can be sent outside the organisation
  • References and the rights of ex-members of staff
  • Monitoring staff activities and communication including using Managers, CCTV cameras and website technologies
  • Outsourcing functions to third party providers
  • Provisions to be included in Third Party Contracts as required by the 2015 Standards.

MODULE 6: COMMISSIONER AND UNDERSTANDING POWERS UNDER S.104 TO S.109 PDPA 2010

  • Powers of Investigations by PDP Officers
  • Penalties for Obstruction and search / seizure of data
  • Criminal Offences and Liabilities under the PDPA 2010
  • Punishment for contravention of the Act
  • Offences by body corporate
  • Contravention of the personal data protection principles
  • Processing of sensitive personal data in contravention to Section 40
  • Unlawful collection or disclosure of personal data
  • Personal Data Protection (Compounding of Offences) Regulations 2016

 

1:00 Lunch
2:00

MODULE 7: COMPLIANCE FOR SECTION 6 & 7 [PARTICIPANT TO USE OWN DOCUMENTS FOR AUDIT FOR COMPLIANCE] AND PROCEDURES AND POLICIES BASED ON THE 7 PRINCIPLES FOR THE WORKPLACE.

  • Discussion on Drafting the Consent Notice for various categories of Business sectors
  • Discussion on Drafting Consent Notice for Application forms/ Interview forms/ Confidentiality clauses on consent etc.
  • Drafting the Notice and understanding how to draft the purpose clause in the Notice
  • Guidelines on different categories of Notices

MODULE 8: COMPLIANCE FOR THE PERSONAL DATA PROTECTION STANDARDS 2015 [MANDATORY]

  • The Data Security Standard distinguishes between conventional and electronic data management and prescribes various security measures in relation to each.
  • Data Retention Standard
  • Data Storage Standards
  • Data Integrity Standard
  • Data Security Standard

[Participants are encouraged to discuss their organization's compliance audit as part of this module]

 

3.45

MODULE 9: PDPA AND COVID-19

  • What type of personal data is typically being processed during the Covid-19 outbreak?
  • May employers collect information about travel history of employees, contractors and visitors?
  • May employers request employees, contractors or visitors to notify them if the latter is diagnosed?
  • May employers notify others of any employee, contractor or visitor who is infected or suspected of being infected?
  • Purpose under PDPA and Prevention and Control of Infectious Diseases Act 2020

5:00 End of Course