YB Dato' Sri Ahmad Shabery bin Cheek, Minister of Communications and Multimedia, has made announcement that the Personal Data Protection Act 2010 ("PDPA") comes into operation on 15 November 2013. With PDPA coming into force, data users will have a three-month transitional period to comply with its provisions in respect of existing personal data being processed, but will have to immediately comply with its provisions in respect of new personal data collected.
The penalties for breaching the PDPA include the imposition of fines of up to RM500,000 and/or a term of imprisonment not exceeding two years. Directors, CEOs, COOS, managers or other similar officers have joint and several liability for non-compliance by the body corporate, subject to the due diligence defence.
Will this affect me?
Both the public and private agencies who process their customers' personal data will need to reevaluate their current data privacy policies, processes and personal data management. Indiviuals will now have a new set of mandated rights, whereby they need to be informed about their personal data as well as the rights to access, correct and also to control the procession of the personal date by other parties.
Does this apply to my company?
This act is applicable to Malaysian companies that process personal data. Non-Malaysian companies who use equipment in Malaysia to process personal data is also subject to the PDPA. For non Malaysian companies, a designated Malaysian representative is required in this case.
This training is specially crafted for those who need to know more about personal data protection and who has contact with personal data on a regular basis.
There are some new regulations coming into Malaysia as of 25th May 2018. These regulations are known as the EU GDPR. The full name is European Union General Data Protection Regulation 2016 and malaysian companies dealng with EU data or storing their HR data in their EU parent company are bound by these regulations.
The implications for businesses that fall under the remit of the EU GDPR are significant. Organisations, which fail to comply will be subject to a fine of up to 4 percent of global turnover, or EUR 20 million, whichever is greater.
By the end of the Personal Data Protection Awareness training course, delegates will be able to:
- Understand, implement and ensure compliance to the PDPA
- Understand, implement and ensure compliance to the EU GDPR (latest update)
Who Must Attend
 Directors, Chief Executive Officers, Chief Financial Officers, General Managers, Human Resource Managers, Compliance Officers. Marketing & Sales Managers, Business Entrepreneurs, Legal Advisor.
Module 1: Data Protection At the Workplace
Discussion on General Principles on Personal Data Protection Act 2010
This module will look at how to:
- Appreciate who and what is covered by Personal Data Protection rules
- Understand the organisation’s policy and aims on personal data use
- Overview of the Act
- Know and apply the core principles for personal data use
Module 2: Criminal Offences and Liabilities under the PDPA 2010
- Punishment for contravention of the Act
- Offences by body corporate
- Contravention of the personal data protection principles
- Processing of sensitive personal data in contravention to Section 40
- Unlawful collection or disclosure of personal data
Module 3: Notice and Choice Principle
- When do you need to seek the consent of data subjects?
- How do you seek consent and exemptions to consent
- Channels of serving Notice to employees, contractors, supplies, vendors and visitors
- Guidelines on Consent
- Recognise when, and for what purpose staff / customer data may be used
- Questions to ask when collecting Data.
Module 4: Compliance: The What, When and How
- What do companies need to do in order to comply?
- When do companies need to fully comply?
The Employer’s Perspective: Change of Approach Required?
The series of changes intended to be brought about by the Act will invariably affect the way employers approach employment issues where the employees’ personal information is involved.
- Understanding applications to Employment Relationships
- Understanding how the Employment Act 1955 affects Personal Data
- How do companies set up an effective compliance framework?
- Guidelines on understanding Purpose under Section 6 PDPA 2010.
Module 5: Issues and Implications of the Principles
- Disclosure Principle and guidelines on when you can refuse to disclose or partially disclose;
- Retention Principle in relation to Employees and former employees;
- Data Integrity Principle
- Access Principle
- Activities relating to each Principle will be done.
Module 6: Benefit and Risks
- Benefits and challenges in being PDPA complaint
- Understanding the implementation of PDPA and the stages of Employment that is
Pre/Beginning/During and End of Employment.
- Potential privacy related risks to organisations
- Case study on personal data issues and impacts
Module 7: The Personal Data Protection Standards 2015
- The Data Security Standard distinguishes between conventional and electronic data management
and prescribes various security measures in relation to each.
- Data Retention Standard focuses
- Data Storage Standards
- Data Integrity Standard
- Data Security Standard
Module 8: Human Resource Department and PDPA principles
For Human Resources departments, meeting the requirements of data protection law can be particularly challenging. Holding and handling staff information carries significant legal responsibilities and risks. This module discusses key areas of compliance issues.
- Ensuring that the recruitment and selection process meets legal requirements, including the content of
application forms, pre-employment vetting, criminal records, medical checks and the interview process
- Retaining staff records, and appropriate periods of time for keeping information
- Dealing with staff information requests – what must be disclosed and can be withheld
- Disclosing staff information to outside third parties –the legal requirements that must be met before staff
information can be sent outside the organisation
- References and the rights of ex-members of staff
- Monitoring staff activities and communication including using Managers, CCTV cameras and website
- Outsourcing functions to third party providers
Module 9: Security Guidance
This module looks at what constitutes a Personal data security breach and how such breaches can occur. It also considers how to avoid breaches, and the practical steps that should be taken when a breach occurs. Key aspects of this module include:
- Analysis of the Security Principle under Section 9 PDPA
- Managing Information security
- Data Security Standard -Implementation
- Understanding risks to Personal Information
- Taking a holistic approach to data security – staff vetting and access and other important organisational
measures that should be implemented
- Knowing what to do in the event of a data protection breach
The Principles 2010 and Standards 2015 will provide protection to the individual’s personal data, thereby safeguarding the interests of consumers, and e-commerce, network and non network facility practitioners.
Module 10: European Union's General Data Protection Regulation (GDPR)
- Why was the GDPR drafted?
- When will the GDPR apply?
- Who does the GDPR apply to?
- Understanding the compliance to GDPR in details
LL.B (Hons) London, CLP (Malaysia), TESOL (Canada)
- Legal Experience includes civil litigation like employment matters , company ,corporate and banking issues.
- Conducted seminars for Employment law including on mock Industrial hearings of Domestic Inquiries and the Personal Data Protection Act 2010 which includes follow up legal advice for Pro-tem comittees on PDP implementation and drafting of Consent letters as required under the Act.
- Trained for the Federation of Manufacturers of Malaysia (FMM).
- Involved in advise and drafting of Human Resource policy and procedures. Also in the drafting of legal letters and advice of legislation pertaining to proper administration of Human Resource issues.
- Some of the in-house and public programs include those from, NIAM (Persatuan Insuran Kebangsaan Malaysia), Honda, Petronas Fertilizer (Kedah), Suruhanjaya Syarikat Malaysia, Sime Darby, Malaysia Multimedia Commission, Penang Bridge Sdn Bhd., Solectron, Bax Global, TM, Yan Jin (M), Cititel Penang, Evergreen Laurel Hotel, Government Teachers in various schools, Smart Modular, Kwong Wah Yit Poh Press Berhad, Vitrox Technologies, Staff of UITM, Bank Negara, Dimerco Sdn.Bhd, G-Pile Sistem Sdn.Bhd., Masterskill (M) Sdn.Bhd, Subalipack (M) Sdn.Bhd, Mitsubishi Motors Malaysia Sdn.Bhd, Sumitomo Metals Sdn Bhd, Lembaga Koko, MARA and other government agencies and many more.
In summary, Ambigah
- When not conducting training programs, Ambigah Krishnan tends to her legal consultation especially in the corporate field.
- Legal programs enhanced with Legal Practitioner’s advice and opinions. Imparting experience as Legal advisor and Litigation lawyer to be part of teaching of legal programs.
- Able to combine the elements taught in a specific program both soft skills and Legal with real life requirements for those on the job.
To contact Ms Ambigah for any speaking, training and consultancy engagements, :
please contact us at +603 8074 9056 | Mobile +6012 6869 628 | +6018 2735 123 or email: info@iTrainingExpert.com
“I had limited knowledge one PDPA before attending this course. The training helped me to understand the process necessary to be put in place in the company. It’s driven me to re-read and further gain additional knowledge on PDPA.”– Hana Rabi, Media Prima CJ O Shopping Sdn. Bhd.
“This training taught me the practical side of PDPA and made me feel much more knowledgeable about the law. The trainer is very good and has a vast knowledge of PDPA. If there are any other programs on say public speaking, I’d be interested to attend those.”Nurul, Clinical Research Malaysia.
"After asking lots of questions during the workshop, I am more aware of my rights in giving out my pesonal data" KH, Chong, Eagleburgmann (M) Sdn Bhd
|Sign up 1 pax|
|Pay before course starts|
|Sign up 1 person|
|Pay 14 days before course starts|
|Sign up 3 pax or more|
|Pay 14 days before course starts|
(Fee inclusive of Buffet Lunch, Refreshment, Welcome Pack, Training Materials & Certificate of Achievement)
1. ONLINE PAYMENT by Credit card: You can opt to register and pay online with our latest payment integration system through our website.
2. BANK IN CHEQUE
Bank in and then scan the Bank-in slip and email to us before the course commence to confirm your seat.
Courier your cheque payment to our Finance HQ.
* Note that we DO NOT take any payments during the event.
3. BANK IN CASH: You can also pay by cash through bank-in our company bank account.
4. Telegraphic Transfer- You can also opt to use GIRO or telegraphic transfer of payment via international banks.
ITRAININGEXPERT GLOBAL PLT
Tel:+603 8074 9056 | +603 8082 3707
Mobile: +6012 6869 628 | +6018 2175 123