Above image: Screenshot from PDPA Assessment Tool for Organisations
The Personal Data Protection Commission of Singapore (PDPC) released a free online assessment tool on September 29 to help organisations identify gaps in their data protection management.
The PDPA Assessment Tool for Organisations (PATO) highlight potential gaps in personal data protection policies and practices, provides suggestions and recommends resources, such as the PDPC's advisory guidelines and guides, that organisations can use to improve their data protection policies and practices.
The self-assessment for organisations has a total of 40 questions across 11 categories, such as Consent, Purpose Limitation, Notification, Retention Limitation, Transfer Limitation and Do not call provision. Each category has between 1 to 8 questions and could take between 5 to 40 minutes to complete. Each question has to be answered with either 'Implemented', 'Partially Implemented', 'Not Implemented', or 'Not Applicable'.
The individual taking the test can also describe what their organisation has done to be PDPA ready. This includes measures such as policies, procedures, forms, security measures, training or response plans, data inventory maps, consent register, data protection management programme, data protection impact assessment and contract clauses.
The results report includes an assessment score, recommendations and guidelines. The results can be downloaded after the test and they are not retained by PDPC.
The tool was mentioned in the list of upcoming resources for organisations, when the PDPC launched a public consultation on its review of the Personal Data Protection Act (PDPA) to keep pace with technology and global developments. On September 20, the consultation was extended to October 5.
Mr. Yeong Zee Kin, Deputy Commissioner of PDPC, said in a speech on September 29, is in the process of finalising guides to assist companies to put in place Data Protection Management Programmes and to help businesses conduct Data Protection Impact Assessments.
PDPC also plans to launch a Data Protection Trust Mark certification scheme by the end of 2018. In a survey conducted last year, PDPC found that 4 in 5 consumers would be more confident transacting with an organisation that holds an accreditation for meeting personal data protection standards. The Trust Mark can be seen as a recognition that an organisation has put in place accountability practices that go beyond a checklist approach to compliance. PDPC will also recognise adoption of Data Protection by Design practices.
PATO can be accessed here.