The Personal Data Protection Commission (“PDPC”) has recently introduced and updated its advisory guidelines to help companies better protect personal data in compliance with the Personal Data Protection Act (“PDPA”). The new Guide to Preventing Accidental Disclosure When Processing and Sending Personal Data as well as updates to the (a) Guide to Securing Personal Data in Electronic Medium; (b) Guide to Disposal of Personal Data on Physical Medium; and (c) Guide on Building Websites for SMEs, were released on 20 January 2017.
The PDPC also released two enforcement decisions on 25 January 2017, relating to the breach of personal data protection obligations under the PDPA. Financial penalties were imposed on the organisations in breach for the failure to prevent unauthorised access of individuals’ personal data stored online. In one of the decisions, the PDPC also directed the organisation to cease storage of documents containing personal data via its internal system until appropriate remedial actions have been completed. To learn more about the PDPC enforcement decisions, please click here.
Organisations concerned about compliance with the PDPA should take note of the PDPC’s serious view of any non-compliance and the approach that the PDPC will take to enforce the PDPA.
For more information, please download the full alert here.