PRACTITIONER CERTIFICATE IN PERSONAL DATA PROTECTION (SINGAPORE) 2020 (WSQ) (SYNCHRONOUS E-LEARNING)

Course Overview

This three-day course identifies and communicates key legislative and regulatory requirements, assesses, documents and reports potential areas of non-compliance with regard to policies, procedures and business activities. It assists in the integration of procedures to ensure compliance, as well as prepares management report for follow-up.

Course Objectives

• Understand the importance of being accountable for the personal data that your organisation handles
• Identify and manage risks in personal data management
• Develop a Data Protection Management Programme
• Conduct a Data Protection Impact Assessment
• Help the respective organisation establish a robust data protection infrastructure through the use of risk-based tools
• Manage data breaches

Pre-requisites

For those who are new it is recommended to take the introductory course on the PDPA (titled "Fundamentals of the PDPA (2020)") first under the SkillsFuture Singapore's Skills framework for ICT but not mandatory.

Participants are assumed to be able to:

• Ensure organisation’s compliance to Personal Data Protection Act (PDPA)
• Manage risks associated with collection, use, disclosure and storage of personal data.
• Drive awareness of PDPA requirements in the organisation.
• Handle queries, complaints and disputes on the organisation’s management of personal data.
• Manage people and organisation in the areas of operational needs, optimising resources, budget allocation, managing and tracking team’s achievements.
• Assist the review of adherence to legislative and regulatory requirements in accordance with organisational guidelines / policies.
• Prepare management report for follow-up action.
• Hardware & Software
  This course will be conducted as a Virtual Live Class (VLC) via Zoom platform. Participants must own a zoom account and have a laptop or a desktop with “Zoom Client for Meetings” installed. This can be downloaded from https://zoom.us/download.

Course Outline

Chapter 1: Fundamentals of the PDPA (2020) – A Brief Recap

1.1 The DP provisions in the Personal Data Protection Act

• Amendment Bill effective 1st February 2020

1.2 The eleven obligations in the DP provisions

• Overview of the PDPA 11 Key Obligations and new Obligations (Data Breach Notification and Data Portability)
• Objectives of the Data Protection Regime
• Accountability is the fundamental principle
• Enhanced Consent framework
• New exceptions (Legitimate Interest, Business Interest and Research & Development) emphasise the importance to enable data use and innovation in a way that is meaningful to the customer

1.3 The Do Not Call (DNC) provisions

• Prohibition of dictionary attacks and address-harvesting software
• Liability of third-party checkers of the DNC Register
• Civil administrative regime for DNC offences

1.4 Appointment and role of a Data Protection Officer

• Registration of DPOs is a new category as part of companies’ registration with ACRA or other Government registries

Chapter 2: Accountability

2.1 What Accountability means and requires

• Concept of Accountability (Part III of the PDPA amended)

2.2 Data Protection by Design Approach

2.3 Addressing misconceptions of PDPA compliance

• Share in brief on some myths and mindsets to overcome

Chapter 3: Overview of the Data Protection Management Programme

3.1 Benefits: Why an organisation should have a DPMP

3.2 Components of DPMP:

• Governance and Risk: Establishing a governance structure to define values and identify risk with organisational leadership
• Policy and Practices: Developing a data protection policy with good practices
• Processes: Designing processes to operationalise policies
• Review: Detailing steps to keep data protection policy and processes up-to-date with changes in internal and external environments, e.g. regulatory, business and technology
• Some key steps to developing the DPMP

3.3 Considerations for implementing a DPMP

• Explain that there is no “one size fits all” approach

3.4 Addressing challenges in implementing DPMP

• (Discussion) What are challenges you face in implementing DPMP?

3.5 Establishing a Governance Structure

3.6 Getting started with the DPMP

3.7 DPMP with regards to data intermediaries

Chapter 4. Identify and Document Personal Data Handled, Part 1

4.1 Document Data lifecycle – what it is and why organisations need it

• Run through example of data flow diagram

4.2 How an organisation understands Data Life Cycle

(Hands-On Activity 1) How an organisation understands data life cycle

• Identify Business Process involving personal data

Chapter 5: Identify and Assess Risks, Part 1

5.1 Introduction to risk and risk management

Share on the principles of:

• Confidentiality (C): Risk to organisation or individuals arising from unauthorised or inappropriate disclosure
• Integrity (I): Risk to information quality or corruption
• Availability (A): Risk to information not being available to intended users

5.2 The place of data classification in risk management

• Decide what data classifications are appropriate for the personal data your organisation handles and classify the personal data

a) Identify and document risks

b) Classify Data

c) Identify potential risks in data lifecycle

• Exposure or gaps in each department’s specific processes?
• Are there any unauthorised disclosure of data?
• Is there excessive disclosure of personal data?
• What tools can be used to access areas of risk?
• E.g. Have we exercised due diligence when selecting a vendor?
• Is there an adequate contract in place with the vendor?

d) Decide what data classifications are appropriate for the personal data your organisation handles and classify the personal data

e) Go through the considerations and decide what specific actions need to be taken

5.3 Risks relating to the DP and DNC Provisions

• Examples of instances of non-compliance with the PDPA

5.4 Risk relating to business processes

5.5 Risk relating to data intermediaries (e.g. Outsourced data processing)

5.6 Risks relating to electronic processing of personal data (e.g. Are there safeguards in place?)

• Some causes of cyber security incidents or personal data breaches
• Difference between cyber security incident and personal data breach

(Hands-On Activity 1 - continuation)

5.7 Seven common mistakes made by organisations

Chapter 5: Identify and Assess Risks, Part 2

5.8 Assessing / measuring risks and ranking them – risk rating/scoring

• Assess, measure risks, prioritise top 5 risks
• Issues, vulnerabilities and weaknesses
• Apply the Risk Assessment Framework to the risks you have identified both at the overall organisation level and at the department level
• Qualitative or Quantitative Approach

5.9 Next steps after ranking risks - reporting to senior management

• How would you report your findings to senior management?

Certificate Obtained and Conferred by

Upon successful completion of the course, participants will receive the WSQ Statement of Attainment (SOA) issued by SkillsFuture Singapore.

Candidate who successfully completed the course with:  

1. 75% attendance  
2. Pass the assessment (Pass rate: 70%) 

will be awarded NTUC LearningHub Certificate of Completion

Additionally, there is an optional computer-based examination that participants can take after the completion of their course to obtain the Practitioner Certificate for Personal Data Protection (Singapore), co-issued by the PDPC and the International Association for Privacy Professionals (IAPP).

Conditions to be fulfilled in order to obtain the certificate

1. Candidates must complete the "Practitioner Certificate in Personal Data Protection(Singapore) 2020" preparatory course
2. Take the computer-based examination within six months of attending the preparatory course
3. Pass the computer-based examination by attaining a score of at least 70%

More information about the computer-based examination

• Format: Candidates will be given two hours to complete the computer-based examination comprising 50 multiple-choice questions
• Fee: $53.50 (Inclusive of GST)
• Registration: Click on the "Register for Examination" Link
• You must complete the “Practitioner Certificate in Personal Data Protection (Singapore) 2020” preparatory course with any of the PDPC’s appointed training providers and have obtained the Course Completion Certificate for this course. You must then take the examination within 6 months of completing this preparatory course.
• Registration for the examination after the 6 months period will be considered on a case-by-case basis. You may submit a request with valid reasons to NTUC LearningHub at [email protected] for their assessment.

Is there a validity period that I should take note of for the Practitioner Certificate in Personal Data Protection (Singapore) 2020?

• There is no expiry for the Practitioner Certificate in Personal Data Protection (Singapore) 2020.

Is there a cap/limit to the number of attempts to sit for the examination?

• There is no cap/limit to the number of attempts that each candidate may undertake to meet the passing criteria. Please note that a full examination fee applies for each attempt.

Additional Details

Medium of Instruction and Trainer
Medium of Instruction: English
Trainer: Trainee ratio is 1:20

Courseware: Online access provided on Canvas + Physical copy (for local use only)

Price

*After 70% ­­­­funding for SME-sponsored Singaporeans and PRs under Enhanced Training Support for SMEs (ETSS) scheme

Funding Eligibility Criteria:

Remarks:

Terms & Conditions apply. NTUC LearningHub reserve the right to make changes or improvements to any of the products described in this document without prior notice.

Prices are subject to other LHUB miscellaneous fees.