The Ninja Sensei’s Logbook: The Fine Art of Getting a ‘YES’ — Navigating Consent and Notification under the PDPA

Organisations in Singapore, whether big or small, need to collect, use, and disclose the personal data of individuals before they can give services. However, before they can do so, the PDPA requires them to get proper consent or risk having a financial penalty for breaching the provision.

Obtaining consent from individuals is a critical step in protecting their personal data.

When collecting personal data, ensure that individuals understand the purpose for which their data is being collected and that they have given explicit consent for their data to be used in that way.

Tips to ensure that you are obtaining consent in the proper way:

✅Be transparent about data collection. Ask yourself: Are individuals aware of what personal data you are collecting, why you are collecting it, and who it will be shared with?

✅Use clear and concise language. Avoid using technical jargon or complicated language that could confuse individuals. Use simple and easy-to-understand language to explain what you are doing with their data.

✅Provide options. Offer individuals the option to opt in or opt out of certain types of data collection, as well as the ability to delete their data if they so choose.

✅Keep records of consent. Keep a record of when and how individuals gave their consent, including the date and time, the method of consent, and the specific terms to which they agreed.

✅Regularly review consent. Review your consent process on a regular basis to ensure that it remains up-to-date and compliant with applicable laws and regulations.

In terms of what personal data is acceptable to collect, ensure that you are only collecting data that is necessary for your business or organisation’s legitimate purposes.

Examples of personal data that are commonly collected include names, addresses, email addresses, and phone numbers.

Follow these tips and get that YES before you collect, use, or disclose any personal data for your organisation and avoid the hefty financial penalty from the PDPC ranging up to S$1,000,000.

P.S. Got questions or do you need help with your cybersecurity and data protection compliance journey? Don’t hesitate to reach out to your friendly cybersecurity and data protection experts at Privacy Ninja. We are always a text/call or email away!

📱 WhatsApp: +65 8750 4250

📧 email: ninjas@privacy.com.sg

This post first appeared on Andy’s LinkedIn wall. Follow us on the following pages for more updates! Facebook | Twitter | LinkedIn | YouTube | Website