The Personal Data Protection Commission Singapore just has issued its latest set of guides for organisations relating to the protection and processing of personal data on 20 July 2016.
On a recent update, the PDPC outlines an extensive list for companies. Personally, I don’t think it’s their intend for us to follow him through all items strictly. However, we need to be diligent in keeping our customers data secure. It can be a simple contact form for our customers leave their contact details. Hence, we need to decide the extent of the security.
PDPA (Personal Data Protection Act) Obligations
Section 24 of the PDPA requires an organisation to make “reasonable security arrangements to protect personal data in its possession or under its control to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.”
The company(client) is responsible for their own website.
Refer to 3.2 (Negotiating IT Vendor’s responsibilities) of “Guide on Building Websites for SMEs”
Read more at PDPC’s website.
Actionable steps for Companies
Which type of websites needs to comply? As long as you’ve got these functions below.
- Contact form
- Shopping cart
- Events registration
Quick glance: Questions for companies to ask vendors
- Who have access to customer’s data?
- Development and maintenance done by vendor or outsourced?
- Resiliency of website. If the site goes down, what is the next course of action?
- Extent of security. What have been done to ensure security?
- (WordPress websites) When was the last update on the core and plugin files?
Qualities of a vendor
- Provide proposal on how personal data is handled.
- Ensures vulnerabilities are patched.
- Ensure that the personal data of individuals handled by the website is not disclosed to unauthorised parties by their personnel or sub-contractors.
- Advise appropriate security measures for the website.
Need help with PDPA compliance? Contact us for an assessment.
At Krome, we specialise in website design and development services. If you or your client are interested in creating a site, it’s time to tell us about your project or have a chat about what we can do. You can contact us here.