Our end-to-end Data Protection Compliance services are designed to provide a systematic all-in-one solution to help companies achieve operational compliance with the Personal Data Protection Act (PDPA) and/or General Data Protection Regulation (GDPR).

Ideal for

Medium to large companies

  • Companies looking for a one-stop solution and services to “get compliant” and “stay compliant” with the PDPA
  • Companies which already have legal support but need a complete compliance framework and to demonstrate accountability
  • Companies operating in multiple jurisdictions which have data protection laws

What It Includes

  • Project management & training of PDPA committee and data protection officers/managers
  • Assessment of PDPA risks and gaps, complete with “traffic light” dashboard on compliance status across multiple departments / entities
    • Personal data flow of main business processes
    • Personal data inventory
    • On-site audits of privacy and security vulnerabilities
  • Guidance on relevant policies, practices and controls including:
    • Data Protection Policy (internal)
    • Data Protection Notice
    • Consent clauses & PDPA notices
    • Retention Policy
    • Bring-Your-Own-Device Policy
  • Legal advisory and review of relevant contracts
  • Training of operational staff on PDPA as well as the organisation’s policies and practices, focusing on the collection, usage and disclosure of personal data.
  • Audit process to ensure sustainable compliance
  • Complete response management process to handle complaints, data breaches and inquiries
  • End-to-end PDPA services are delivered through the Straits Interactive Data Protection Management System (DPMS) so that clients can manage operational compliance on an ongoing basis
  • Roadmap for international certification for data protection officer

Note: All our advisors or trainers are Certified Information Privacy Managers or Technologists

Our Legal Partners: