Malaysia: Personal Data Protection Act (PDPA) 2010
Hairul Hafiz B Hasbullah
Data Protection (Part 5)
Impact of EU General Data Protection Regulation on MyCEB
OBJECTIVE
• Refresher
• The key difference between EU General Data Protection Regulation (GDPR) and PDPA 2010
• The impact the GDPR has on Malaysian organisations (MyCEB)
• MyCEB Personal Data Protection framework
REFRESHER
What is Personal Data?
Information about an individual that is recorded in any form
Types of Data
Data Subject/ User/Processor
TYPES OF PERSONAL DATA?
• Home address
• Home telephone number
• Age, date of birth, gender
• Blood type
• Ethnicity, nation of origin, colour of skin
• Religious beliefs
• Health care/medical history
• Marital status
• Identifying numbers (NRIC)
• Credit card numbers
• Criminal records, fingerprints
• Curriculum vitae
• Educational history
• Financial history
• Employment information
• Exact salary
WHAT IS SENSITIVE DATA?
Any personal data consisting of:
• the physical or mental health of a data subject
• his political opinions
• his religious beliefs
• the commission by him of any offence; or
• any other personal data determined by the Minister
Note: can only be processed under specific circumstances set out in PDPA (including explicit consent by data subject)
REFRESHER
What are the 7 Principles?
1. General
2. Notice & Choice
3. Disclosure
4. Security
5. Retention
6. Integrity
7. Access
MyCEB PDPA POLICY AND CLAUSES
MyCEB Website Policy
WHERE ARE WE?
Collection of Personal Data
1. Do you collect personal data about your customer?
2. Do you have a personal data inventory map on (what data is collected? / who collects? / where it is stored? / who it is disclosed to?)
3. When collecting personal data, do you clearly inform the individual of the purpose for which it will be collected and obtain consent?
4. Do you ensure that the 3rd party has obtained consent from the individuals to disclose the personal data?
5. Is there a formal process for the withdrawal of consent by individuals in respect of the collection?
WHERE ARE WE?
Use of Personal Data
6. Do you limit the use of personal data collected to only purposes that you have obtained consent for?
7. Before data protection requirements of the PDPA come into operation, are you using the personal data only for purposes that it was collected for?
Disclosure of Personal Data
8. Do you limit the disclosure of personal data collected to only purposes that you have obtained consent for?
WHERE ARE WE?
Retention Limitation
15. Is there regular data housekeeping?
16. Do you remove personal data no longer needed for business or legal purposes?
BACKGROUND OF GDPR
• The Data Protection Act 1998
• EU GDPR effective 25 May 2018
• 99 Articles in the Regulation
GDPR
WHAT DO YOU NEED TO DO AT YOUR WORKPLACE?
11 things
GDPR APPLIES TO MALAYSIAN ORGANISATIONS IF THEY
a. Have a subsidiary or branch in the EU;
b. Offer goods or services to individuals in the EU; or
c. Monitor behaviour that takes place within the EU
Note: Malaysian organisations subject to the jurisdictional reach of the GDPR must appoint an EU-based representative
KEY HIGHLIGHTS OF GDPR
• Data Breach Notification within 72 hours
• Appointment of data protection officer (DPO)
• Introduction of the right to erasure or to be forgotten
• Introduction of right to data portability
• Rights related to automated decision making & profiling
• Consent
• Special categories (sensitive data)
• Privacy notice
ACTION PLAN
MyCEB
Implementation: Stage 2
• Forms & Agreements (Internal & External)
• Person In Charge for each Division
• Established Retention Policy on Data
• Housekeeping & Erase (clean up data and update)
• Provide access for Data Subject to amend
• Exercise PDPA Policy Form across the board
• Amendment of website policy on PDPA
• Issue emails to clients on the update to the policy