The Personal information Protection Commission or PDPC discharged revisions and updates on the PDPC guidelines last Oct nine of last year. The newly-updated PDPC guidelines tips currently includes a revised Chapter half dozen, Chapter fifteen and a spanking new Chapter eight.

These tips, in a way, replicate PDPC’s interpretation of the private information protection act or PDPA. during a shell, these area unit the precise updates on every chapter:

Chapter 8 – clarifies the responsibilities of cloud service suppliers or CSP and organizations that utilize cloud services for private processing.

Chapter 6 dozen – clarifies the roles of a corporation and corresponding information intermediator regarding protective and guaranteeing the security of handling and process personal information.

Chapter 15 – focuses on access requests by personal information subjects.

In this article, we’ll explore a outline of every of the aforesaid revised and spanking new chapters.

Cloud services

Information concerning intermediaries and cloud services were further as a part of the new Chapter eight. This specific update answers the PDPA Transfer Limitation Obligation that is applicable once a shrunken service supplier or CSP transfers the private information outside of Singapore and at constant time, process personal information on behalf of a corporation.

In the event that this happens, Chapter eight explains that the CSP are dubbed as a knowledge intermediator. On the opposite hand, the organization participating with the CSP to method personal information on their behalf and for different skilled functions ought to mechanically suits the Transfer Limitation Obligation.

Processing personal information

In terms of process personal information, the newly-added Chapter eight expounds on the matter that the CSP process personal information on behalf of a corporation or a corporation would still hold obligations that area unit applied to information intermediaries like the Protection and Retention Limitation Obligation.

The Protection and Retention Limitation Obligation state that the CSP should have legit security measures to safeguard and make sure the safety of the private information that they’re handling and process. what is more, the Retention Limitation Obligation needs the CSP to stop to retain documents that contain personal information or to anonymize such personal information as before long because it is cheap to assume that the private information is not any longer required for the aim that it had been collected.

Overseas transfer of private information

Another vital content of Chapter eight is that  it clarifies the very fact that a business or organization operating with a CSP for handling and process personal information continues to be obligated to suits the Transfer Limitation Obligation. It doesn’t matter wherever the placement of the CSP is. The business or organization should make sure that the transportation of private information from one place to a different continues to be in accordance with the PDPA needs.

Thus, it’s vital for organizations and businesses operating with CSPs to create positive that their staff and assigned personnel area unit accustomed to the rules and its latest updates. These organizations ought to certify that they, themselves, understand what’s needed for the Transfer Limitation Obligation.

Access requests by information subjects

Lastly, the updates on the PDPA tips embody a revision to the access requests created by personal information subjects. The previous version clearly states that the PDPA doesn’t need the access request to be submitted aboard a reason for the request created. However, the updated version revised “does not require” to “does not expressly state.”

This goes to indicate that the PDPC prefers together with a reason within the access request. This specific update is a reminder for businesses and organizations to create positive that their PDPA compliant access requests replicate this new modification