NTUC LearningHub

Course Overview

Learners will learn how to assess current and potential risks within a functional area, and develop risk countermeasures and contingency plans.

Course Objectives

You will have knowledge of the following:

  • Risk identification and assessment techniques for business processes, third-party/service vendors, and processing of personal data electronically
  • Risk assessment report development
  • Complex or advanced methods to manage risks and safeguard stakeholders' interests
  • Implementation considerations and rationale for risk management processes
  • Data protection risk assessment in relation to DP provisions
  • Data protection risk assessment in relation to business processes when processing personal data throughout the data lifecycle (from collection, storage, use, disclosure, disposal and archival), including DPIA
  • Data protection risk assessment in relation to data intermediaries in areas such as contracts and vendor performance management
  • Data protection risk assessment in relation to electronic processing of personal data including data security, cloud technology, anonymisation, IT system/website
  • Data protection risk

You will be able to perform the following:

  • Institutionalise DP risk management as part of organisation-level risk management approach
  • Establish baseline of vulnerabilities, gaps and exposures to data protection related risks
  • Develop implementation plan for organisation-wide personal data protection risk management processes and procedures
  • Determine need to conduct a DPIA
  • Manage existing and potential DP risks associated with technology
  • Manage existing and potential DP risks arising from data sharing
  • Coordinate with relevant department to mitigate contractual and technological risks arising from data protection

Pre-requisites

  1. Learner has attended and is competent for module titled Fundamentals of Personal Data Protection Act or its equivalent
  2. Learners are assumed to be able to:
  • Understand relevant organisational strategies, objectives, culture, policies, processes and products/services
  • Have information gathering skills to gather and collate necessary data
  • Have analytical skills to assess policies and procedures
  • Have business writing skills to prepare management report
  • Have interpersonal and communication skills to interact with relevant stakeholders
  • Have facilitation skills to ask the right questions to elicit necessary information
  • Be aware of compliance requirements of organisation

Hardware & Software

This course will be conducted as a Virtual Live Class (VLC) via the Zoom platform. Participants must own a Zoom account and have a laptop or a desktop with “Zoom Client for Meetings” installed. This can be downloaded from https://zoom.us/download

System Requirement
Must Have:
Please ensure that your computer or laptop meets the following requirements.

  • Operating system: Windows 10 or macOS (64-bit or above)
  • Processor/CPU: 1.8 GHz, 2-core Intel Core i3 or higher
  • Minimum 20 GB hard disk space
  • Minimum 8 GB RAM
  • Webcam (The camera must be turned on for the duration of the class)
  • Microphone
  • Internet Connection: Wired or Wireless broadband
  • Latest version of Zoom software to be installed on computer or laptop prior to the class.

Good to Have:

  • Wired internet connection
    Wired internet will provide you with stable and reliable connection.
  • Dual monitors
    Using a dual monitor setup will undoubtedly improve your training experience, enabling you to simultaneously participate in hands-on exercises and maintain engagement with your instructor.

Not Recommended:
Using tablets is not recommended due to their smaller screen size, which could cause eye strain and discomfort over the course of the program's duration.

Course Outline

Risk of non-compliance with the following obligations under PDPA:

  • Consent obligation
  • Notification obligation
  • Purpose limitation obligation
  • Accuracy obligation
  • Retention limitation obligation
  • Protection obligation
  • Access and correction obligation
  • Transfer limitation obligation
  • Openness obligation
  • DNC provisions

Risks relating to business processes

  • Developing a Data Inventory Map
  • Identify relevant activities
  • Examination of issues concerning activities

Risks relating to data intermediaries/third parties/service vendors

Risks relating to electronic processing of personal data

Risks relating to data sharing

Develop risk assessment report

  • Content of report

Managing risks with third parties/vendors/data intermediaries

  • Conduct due diligence
  • Monitor activities and performance
  • Managing contracts

Developing a DPIA

  • Assessing need
  • Stakeholders
  • Substantive considerations
  • Identifying personal data and personal data protection flows
  • Identify and assess risks
  • Create action plan
  • Implementation of action plan