The Ninja Sensei’s Logbook: Of MCSTs and Data Protection Officers
MCSTs, or Management Corporation Strata Title, also collect, use, and disclose personal data. With this, they are covered by the PDPA, and are obliged to observe the Data Protection Obligations under it, such as the Protection Obligation, Consent Obligation, and the Retention Limitation Obligation.
Having said this, in order for MCSTs to avoid the hefty financial penalties imposed by the PDPC in the event of a data breach, MCSTs need to observe good data protection practices, also keeping in mind that the organisation’s reputation is on the line.
MCSTs are also required under the PDPA to hire a DPO
MCSTs are required to hire a DPO who will have the following responsibilities laid in the Advisory Guidelines for Management Corporations:
✔️ Putting together a personal data protection policy that sets out the purposes for which personal data may be collected, used, or disclosed by the MCST as well as other data protection practices of the MCST to ensure compliance with the PDPA and making information about this policy available to all stakeholders;
✔️ Raising awareness and fostering a culture of data protection among staff (e.g., estate security guard), subsidiary proprietors, estate residents, and council as well as executive committee members of the MCST;
✔️ Developing and implementing policies and processes for the proper handling and management of personal data protection-related queries and complaints (e.g., access and correction requests) and making information about the complaints process available on request; and
✔️ Alerting the MCST to any risks that might arise with regard to the collection, use, or disclosure of personal data.
Beyond the mandate: How a DPO can help MCSTs
A Data Protection Officer (DPO) oversees data protection responsibilities and ensures that organisations such as MCSTs comply with the Personal Data Protection Act (PDPA). With a DPO in place, MCSTs can rest easy that any instance of data breaches will be curbed, and compliance will be upheld.
At Privacy Ninja, for instance, we work closely with our MCST clients to help develop their data protection policies and documentation. This includes provisions regarding their CCTV usage, visitor logging and General Council / General Meeting publishing.
P.S. For any further questions or if you need help with your cybersecurity and data protection compliance journey, don’t hesitate to reach out to us. We are always a text/call or email away!
📱 WhatsApp: +65 8750 4250
📧 Email: ninjas@privacy.com.sg
