DATA PROTECTION & PRIVACY IN MALAYSIA: A PRACTICAL APPROACH
Data protection is amongst the most recent and important compliance issues facing businesses around the world. In Malaysia’s evolving digital landscape, companies are expected to comply with the Personal Data Protection Act 2010 (PDPA) and all its related subsidiary rules. As data flows through almost every level of an organisation, each member of staff is expected to have at least a basic understanding of the fundamentals of data protection and privacy. This training serves to present these concepts in a practical manner and assist participants to be able to identify potential risks within their work scope. The training also goes further to introduce the data protection landscape in the SEA region in anticipation of evolving trends and includes a basic assessment to benchmark comprehension.
Course objectives
To understand the core principles of the PDPA (Malaysia)
To understand the scope, penalties and risks attached to PDPA (Malaysia);
To understand how the principles of the PDPA apply uniquely to your sector;
To identify red flags for risk mitigation in data protection; and
To understand ethical concerns arising in the field of data protection and the how regulations will likely evolve.
PRIVACY OWNERSHIP 1: DEVELOPING A PRIVACY PROGRAM
A privacy program is a structured approach combining legal, compliance, technology, project management and other disciplines to meet the demands of businesses dealing with personal data and other types of sensitive data. Businesses, particularly those that are data driven, look to privacy programs to ensure regulatory compliance and more importantly increase public trust in their brand. A privacy program is typically implemented throughout a company but can also be used for specific department implementation, in a standalone project or a single product. It should not be viewed as a ‘plug and play’ solution or ‘one size fits all’ solution. These programs, if implemented properly, should become business enablers and not inhibitors. They continue to develop and mature with the organisation as it grows.
PRIVACY OWNERSHIP 2: PRIVACY ASSESSMENTS & PRIVACY BY DESIGN
Assessments can act as a health check on the organisation as a whole or as a risk mitigator for specific instances. Some common privacy assessments are (i) vendor assessments - assessments of third party vendors who may deal with data collected by your organisation to ensure they are in compliance with your organisation’s standards; (ii) Cybersecurity assessments - assessment of all IT hardware and software used in an organisation to determine the risk of a breach (iii) Physical assessment - an assessment of potential risks based on the physical set up of a location i.e. file cabinets, copy and shredding machines, security access etc. (iv) merger and acquisition privacy assessments - an assessment of any entity to be acquired. Most importantly this training will focus on data protection impact assessments (DPIA), a form of assessment that is now mandatory in many circumstances under the GDPR.
Course objectives
To measure the privacy maturity of the organisation or a department
To understand how to develop a privacy mission and vision statement
To set out the parameters of a privacy program
To understand the implementation concerns of a privacy program
To understand how to structure a departmental/organisational privacy team
Course objectives
To develop various forms of privacy-focused assessments catered to your organisation’s needs
To understand the function, scope and need for data protection impact assessments (DPIA)
To understand and implement the principles of Privacy by Design (PbD) in a
