Course Overview
Learners will learn how to assess current and potential risks within a functional area, and develop risk countermeasures and contingency plans.
Course Objectives
You will have knowledge of the following:
- Risk identification and assessment techniques for business processes, third-party/service vendors, and processing of personal data electronically
- Risk assessment report development
- Complex or advanced methods to manage risks and safeguard stakeholders' interests
- Implementation considerations and rationale for risk management processes
- Data protection risk assessment in relation to DP provisions
- Data protection risk assessment in relation to business processes when processing personal data throughout the data lifecycle (from collection, storage, use, disclosure, disposal and archival), including DPIA
- Data protection risk assessment in relation to data intermediaries in areas such as contracts and vendor performance management
- Data protection risk assessment in relation to electronic processing of personal data including data security, cloud technology, anonymisation, IT system/website
- Data protection risk
You will be able to perform the following:
- Institutionalise DP risk management as part of organisation-level risk management approach
- Establish baseline of vulnerabilities, gaps and exposures to data protection related risks
- Develop implementation plan for organisation-wide personal data protection risk management processes and procedures
- Determine need to conduct a DPIA
- Manage existing and potential DP risks associated with technology
- Manage existing and potential DP risks arising from data sharing
- Coordinate with relevant department to mitigate contractual and technological risks arising from data protection
Pre-requisites
- Learner has attended and is competent in the module titled Fundamentals of Personal Data Protection Act or its equivalent
- Learners are assumed to be able to:
- Understand relevant organisational strategies, objectives, culture, policies, processes and products/services
- Have information gathering skills to gather and collate necessary data
- Have analytical skills to assess policies and procedures
- Have business writing skills to prepare management report
- Have interpersonal and communication skills to interact with relevant stakeholders
- Have facilitation skills to ask the right questions to elicit necessary information
- Be aware of compliance requirements of organisation
Hardware & Software
This course will be conducted as a Virtual Live Class (VLC) via the Zoom platform. Participants must own a Zoom account and have a laptop or a desktop with “Zoom Client for Meetings” installed. This can be downloaded from https://zoom.us/download
System Requirement
Must Have: Please ensure that your computer or laptop meets the following requirements.
Good to Have:
Not Recommended:
Course Outline
Risk of non-compliance with the following obligations under PDPA:
- Consent obligation
- Notification obligation
- Purpose limitation obligation
- Accuracy obligation
- Retention limitation obligation
- Protection obligation
- Access and correction obligation
- Transfer limitation obligation
- Openness obligation
- DNC provisions
Risks relating to business processes
- Developing a Data Inventory Map
- Identify relevant activities
- Examination of issues concerning activities
Risks relating to data intermediaries/third parties/service vendors
Risks relating to electronic processing of personal data
Risks relating to data sharing
Develop risk assessment report
- Content of report
Managing risks with third parties/vendors/data intermediaries
- Conduct due diligence
- Monitor activities and performance
- Managing contracts
Developing a DPIA
- Assessing need
- Stakeholders
- Substantive considerations
- Identifying personal data and personal data protection flows
- Identify and assess risks
- Create action plan
- Implementation of action plan
More Information
- NTUC LearningHub