The Data Protection Management System is a Compliance Collaboration and Management Tool that helps companies to productively manage the process of governance, risk and compliance with Singapore’s new data protection laws.
- SMEs already familiar with PDPA that need automated tools to manage the compliance process
- Consultancy & Law firms looking to support their clients
- Companies needing to track compliance across multiple lines of business or business entities
The system provides organisations with a step-by-step approach in:
- Assessing and taking inventory of their personal data information assets
- Conducting self-assessment for PDPA readiness and the 9 obligations
- Performing an information security assessment and onsite audit
- Monitoring gaps and managing actions through an ongoing compliance dashboard
- Managing data breaches, complaints and responses through an integrated response management system
- Consolidating all communication and training initiatives relevant to PDPA
- Tracking compliance with PDPA-related policies through email response and acceptance
Section 1: Personal Data Inventory Map
Personal Data Inventory Assessment
The Data Protection Officer (DPO) can input the personal data inventory of the entire organisation, as well as how data is collected, used and disclosed, and the relevant purposes. This section also documents personal data by 1) means of collection, 2) departments, and 3) where data is stored.
Data Protection Assessment
The DPO, departments and company entities can take a self-assessment of where they stand in terms of compliance with PDPA. The self-assessment can also be customised for each organisation’s needs and can be adapted for use with any other country’s data protection laws.
Section 2: Risk Assessment Audit
The DPO can also take an information security self-assessment to determine security gaps within the organisation and manage the risks proactively by taking relevant actions. The assessment looks at all aspects of information security (and includes ISO 27002 security considerations).
This module also includes a company internal-audit section where users can load in photos of their on-site audit (before vs after scenarios).
Section 3: Action Plans
This module will auto-generate the relevant actions needed for Section 1 & Section 2. The DPO can manage the actions via a To-Do list so as to help facilitate the audit and compliance process.
Section 4: Dashboard Management
DPOs can view:
- A single view (or multi-department/entity) progress dashboard of their compliance efforts as they relate to A) Personal Data Protection Law, and B) Information Security Risk Management.
- A summary of the Personal Data Inventory flow from collection through usage to disclosure. A flat file of entries can also be downloaded for further analysis.
- Incident management statistics and insights.
Section 5: Operations Management
This includes an incident management module, which allows the DPO to easily manage complaints, inquiries and requests for access and correction of personal data. It allows the DPO to track all activities relevant to data protection. Enter the nature of the incident and DPMS will extract the relevant supporting information from the data inventory map.
It also includes a communications management module for documenting training that is conducted.