1 in 2 firms still unprepared for PDPA: survey

And the act officially kicks in tomorrow.

There’s less than a day left before the PDPA is officially implemented. But only 1 in 2 firms are fully prepared for the Act, the PDPC's Industry Readiness Survey revealed.

According to the Personal Data Protection Commission, organisations will have to comply with rules on the collection, use, disclosure and care of personal data in the Data Protection provisions of the Personal Data Protection Act 2012 starting tomorrow, 2 July.

“Based on an Industry Readiness Survey conducted by the Commission between February to April 2014, 1 in 2 organisations surveyed indicated that they already had adequate data protection measures in place and were clear what needed to be done for their organisations to comply with the PDPA,” noted the PDPC.

Here’s more:
Organisations will benefit from complying with the PDPA as it will help them gain consumer confidence and trust. The PDPA will also provide individuals greater control and protection of their personal data, while allowing organisations the ability to collect, use or disclose personal data for purposes that are reasonable and appropriate.

From 2 July 2014, organisations will have to notify individuals of the purposes for which their personal data is being collected, used or disclosed and obtain their consent to do so.

Organisations can however, continue to use personal data collected before 2 July 2014 for the purposes for which the personal data was collected without obtaining fresh consent, unless the individual has asked the organisation to stop doing so. Fresh consent will be needed if the personal data is used for new purposes.

Organisations must also protect personal data in their possession or under their control by making reasonable security arrangements to prevent any unauthorised activity to the personal data. Organisations should also cease to retain personal data when it is no longer necessary for business or legal purposes.

In addition, individuals will now have the right to access and correct their personal data. Upon request by individuals, organisations must, as soon as reasonably possible, provide the individuals with access to their personal data, and inform them of the ways in which their personal data has been or may have been used or disclosed in the past year. Organisations must also correct individuals’ personal data

Join Singapore Business Review community
A NOTE FROM SINGAPORE BUSINESS REVIEW

If you've been wondering whether SBR could work for your company — yes, probably.

A lot of the companies we partner with started as readers. They'd been following our coverage for a while, saw their own customers and competitors in it, and eventually asked the obvious question: could we do something with you? The answer is usually yes. The shape of it depends on what you're trying to do.


The options are broader than most people assume — thought leadership articles, sponsored content, industry summits across Southeast Asia, regional awards programmes, podcasts, and media placements in print and digital. Some partners use one channel; most use a mix. We figure out the right combination by starting with your brief, not with our rate card.


So if the question has been on your mind, here's the easy way to ask it.

We'll tell you honestly whether we can help, and how. It's a better use of everyone's time.