The Personal Data Protection Commission has released a new Guide to Accountability when managing personal data. This was presented by Mr Tan Kiat How at the IAPP conference on July 15.
The guide was created to better support organisations in developing accountable data protection practices.
Organisations must shift from compliance mindset to accountability mindset
Guide covers accountability within organisation, in industry and in enforcement
The Guide to Accountability introduces the concept of accountability in the context of personal data protection. It covers accountability in three broad areas.
The first is within an organisation, the second within the industry and the third in enforcement. It includes examples and resources that organisations may use to translate accountability concepts into practical steps they can adopt.
Organisations should focus on Policy, People and Process
Aside from the compulsory PDPA regulations, the commission suggests that organisations should consider further accountability measures, which can be categorised under Policy, People and Process.
When it comes to company policy, the commission suggests that accountability measures should include embedding personal data protection into corporate governance through the involvement of senior management, and developing and communicating personal data protection policies clearly both internally and externally.
Under People, the Guide highlights the importance of encouraging responsible personal data protection values in every employee. This could be done through training and development, encouraging data protection to be part of company culture.
The Guide highlights that accountable organisations should put in place proper processes to operationalise their data protection policies throughout the data lifecycle and across their business processes, systems, products and services.
Updates to the Personal Data Protection Act
PDPC has also updated its Advisory Guidelines on Key Concepts in the Personal Data Protection Act (PDPA) to provide clarification on the relevant PDPA obligations and measures for accountability in personal data protection. This reflects the developments in data protection and supports the shift towards accountability in a Digital Economy.
Organisations may find it useful to refer to accountability tools that PDPC has introduced, such as the Guide to Data Protection Impact Assessment (DPIA), the Guide to Data Protection by Design for ICT Systems and the Guide to Managing Data Breaches 2.0.