• Academy
  • DP401: Applying the Personal Data Protection Act in a Business Environment
Back to Academy

Applying the Personal Data Protection Act in a Business Environment

 

This course provides a comprehensive practical understanding of the Singapore’s Personal Data Protection Act 2012 (PDPA). It covers all the main Data Protection and Do Not Call (DNC) obligations under the PDPA and will enable participants to apply the PDPA in various practical situations. This course covers essential topics such as developing data protection policies, requirements for processing personal data, data breach management, handling transfers of personal data and addressing contraventions of the PDPA. Participants will have opportunities, through case studies, practical exercises, and discussions, to relate what they learn to their own organisations, with a view to improving their organisations’ data protection policies and practices.

Who should attend?

This course is essential for anyone who wishes to develop a good practical understanding of the data protection obligations of organisations and rights of individuals under the PDPA. 

  • Data Protection Officers (DPOs) and Compliance Professionals
  • Data Protection / Privacy Counsels and Corporate Counsels
  • Data Scientists and Data Analysts
  • Information Technology (IT) and Cybersecurity Professionals
  • Human Resource (HR) Professionals
  • Executives, Managers, and Staff involved in the management, collection, use or other processing of personal data

Course Details

Course Code: DP401
Course Title: Applying the Personal Data Protection Act in a Business Environment
Course Duration: 2 days (approximately 14 contact hours)
Mode of Training: In-person
Available Date(s): 9 - 10 June 2025
Time: 9.00am - 5.00pm (SGT)
Venue: Drew & Napier LLC, 10 Collyer Quay, 10th Floor, Ocean Financial Centre, Singapore 049315

Course Fee: 

S$2,000.00 (excluding GST)

Course Outline

Day 1

  • Introduction to the PDPA and key data protection concepts
  • Taking responsibility for personal data: Demonstrating Accountability
  • Collecting, using, and disclosing personal data: Purpose, Consent, and Notification
  • Processing personal data: Data Minimisation, Accuracy, and Retention
  • Rights of individuals and responding to complaints
  • Application in specific areas: Anonymisation, Employment, and Data Analytics

Day 2

  • Cross-border transfers of personal data
  • Protecting personal data and offences relating to misuse of personal data
  • Responding to and notifying data breaches
  • DNC requirements
  • Application in specific areas: Cloud and Online Activities, Digital marketing, and Cybersecurity
  • Personal Data Protection Commission’s (PDPC) role and approach to enforcement of the PDPA

Course Facilitator

David-N-Alfred-CV.jpg
 
David N. Alfred
 

Director, Corporate &
Finance

Co-Head, Data Protection,
Privacy & Cybersecurity
Practice

Co-Head and Programme
Director, Drew Data
Protection &
Cybersecurity Academy