All companies and organizations operating in Malaysia must abide by the terms and conditions of the Personal Data Protection Act 2010. It is essential to understand the obligations all parties have towards maintaining the integrity of data security in accordance with the relevant laws.

This 1-Day training program aims to educate participants on the details of the PDPA, the legal compliance it demands in all areas of daily operations and how it intersects with other, more recent laws. Course content emphasizes a practical approach towards the questions that arise in relation to an organization's management of personal data. As well as a general analysis of scenarios that make parties vulnerable to penalties.

By the end of this training program, participants should be able to:

• Understand the application of the Personal Data Protection Act 2010 and the ramifications of non-compliance.

• Reorganize the practices of your respective work areas to support data protection in line with Personal Data Protection Act 2010 and other relevant laws.

• Maintain data integrity and ensure business continuity without infringement or exposure.

• Develop mechanisms to detect and prevent unauthorized dissemination of Personal Data.

• Develop and execute a Risk Based Compliance Inspection Plan to protect personal data.

All high and mid-ranking personnel whose jobscope entails the management of personal data. These include:

• Directors.
• Chief Executive Officers.
• Chief Financial Officers.
• General Managers.
• Human Resource Managers.
• Compliance Officers.
• Marketing & Sales Managers.
• Business Entrepreneurs
• Legal Advisors.

Mid-ranking personnel include:

• IT Legal & Compliance
• Human Resources
• Customer service
• Internal Audit
• Sales & Marketing
• Accounting & Finance

Module 1: Personal Data Protection Challenges At the Workplace

• The main Ingredients of PDPA 2010
• Understanding Section 6 and Consent
• Forms of Consent -Implicit/Validity/Explicit and how to be compliant
• Managing Consent -How to obtain/Who consents/The process and compliance
• Sensitive Personal data and consent
• Ten Challenges for PDPA in the Digital Economy
• Personal Data and Cloud computing
• Guidelines on understanding Purpose under Section 6 PDPA 2010.

Module 2: Transparency of Data Handling and the Right To Be Forgotten

• Primary duties of Data User under Section 7 PDPA 2010
• Data User subject to Audit and Inspection
• Due Diligence and role of Data User
• Statutory duties of Data User under PDPA 2010
• When must Notice be given
• Elements for Notice S.7 Compliance – How to collect / Means of sources / Disclosure to Third parties and rights of Data Subject
• Channels of communication – Best practice

Module 3: Issues and Implications of the Principles

• Disclosure Principle and guidelines on when you can refuse to disclose or partially disclose;
• Guidelines and understanding the Retention Principle and how it relates to Employees and former employees;
• Guidelines on Disposal of Records as per Retention Principle - Reasons for destruction/Destruction Methods/documentation for disposal/Checklist
• Guidelines and understanding the Data Integrity Principle
  Access Principle and guidelines on how and when to grant excess to access requests.

A discussion on how the principles will be used in the compliance system of the company.

Module 4: Security Guidance and Privacy Impact Assessment
This module looks at what constitutes a Personal data security breach and how such breaches can occur. It also considers how to avoid breaches, and the practical steps that should be taken when a breach occurs.

Key aspects of this module include:

• Analysis of the Security Principle under Section 9 PDPA
• How security principle used in relation to Nature of Data / Location / Third Party Outsourcing / Measures
• Do’s and Don’ts of Data Security and Common Breaches as highlighted by MCMC / PDP office.
• Data Security Standard -Implementation and Compliance
• Assessing Risks and Impact
• Compliance with Inspection Requirements

Module 5: Commissioner and understanding powers under S.104 to S.109 PDPA 2010

• Powers of Investigations by PDP Officers
• Penalties for Obstruction and search / seizure of data
• Criminal Offences and Liabilities under the PDPA 2010
• Punishment for contravention of the Act
• Offences by body corporate
• Contravention of the personal data protection principles
• Processing of sensitive personal data in contravention to Section 40
• Unlawful collection or disclosure of personal data
• Personal Data Protection (Compounding of Offences) Regulations 2016

Module 6: [1] A Risk Based PDPA Compliance

• Data Illegality
• Data Irregularity
• Untenable Data Support
• Data Leak and Abuse

CASE STUDIES ON BREACH
2] Creating a high level data map

• How to map this approach?
• Turning data map into a data register
• Reassurance and Risk
• Operationalise Data Protection, and keep it living
• identifying personal information to support the initial data map
• Data Protection Impact Assessment template

Compliance for Section 6

• Samples on Purposes for Section 6 and Guideline on how to draft the Purpose clause in documents
• Effect of Personal Data Protections Regulations 2013
• Drafting consent clause for marketing of products
• Sample clauses for withdrawal of consent
• Drafting caution into letters.

Compliance for Section 7

• Discussion on Drafting the Consent Notice for various categories of Business sectors
• Discussion on Drafting Consent Notice for Application forms/ Interview forms/ Confidentiality clauses on consent etc
• Drafting the Notice and understanding how to draft the purpose clause in the Notice
• Guidelines on different categories of Notices

Module 7: Compliance for The Personal Data Protection Standards 2015 [Mandatory]

• The Data Security Standard distinguishes between conventional and electronic data management and prescribes various security measures in relation to each.
• Data Retention Standard
• Data Storage Standards
• Data Integrity Standard
• Data Security Standard

Module 8: Data Governance Strategies

• Building awareness for all staff
• Organisational and Operational measures
• Benchmarking goals/objectives
• Documentation and Audit
• Implementation

Module 9: Updates 2019 – Proposed law to be introduced

• Data Breach Notification
• Details of the Data Breach
• Containment or Control measures
• Containing the Breach – Steps to take
• Notification procedure
• Format provided for DBN

AMBIGAH KRISHNA
LL.B (Hons) London, CLP (Malaysia), TESOL (Canada)

Ambigah has 15 years of training and lecturing experience on legal topics including civil litigation like employment matters, company, corporate and banking issues. She is a PSMB licensed corporate trainer and Corporate Legal Adviser who has a vast  professional experience in the training industry.  She has excellent communication, writing, people and class management skills.

Work Experience 

 - Trained and lectured for private companies and government entities.  Participants made up of managers, CEOs, CFOs, corporate and government support staff and executives.

- Legal Experience includes civil litigation like employment matters , company ,corporate and banking issues.

- Conducted seminars for Employment law including on mock Industrial hearings of Domestic Inquiries and the Personal Data Protection Act 2010 which includes follow up legal advice for Pro-tem comittees on PDP implementation and drafting of Consent letters as required under the Act.

- Trained for  the Federation of Manufacturers of Malaysia (FMM).

- Involved in advise and drafting of Human Resource policy and procedures. Also in the drafting of legal  letters and advice of legislation pertaining to proper administration of Human Resource issues.

Some of the in-house and public programs include those from, NIAM (Persatuan Insuran Kebangsaan Malaysia), Honda, Petronas Fertilizer (Kedah), Suruhanjaya Syarikat Malaysia, Sime Darby, Malaysia Multimedia Commission, Penang Bridge Sdn Bhd., Solectron, Bax Global, TM, Yan Jin (M), Cititel Penang, Evergreen Laurel Hotel, Government Teachers in various schools, Smart Modular, Kwong Wah Yit Poh Press Berhad, Vitrox Technologies, Staff of UITM, Bank Negara, Dimerco Sdn.Bhd, G-Pile Sistem Sdn.Bhd., Masterskill (M) Sdn.Bhd, Subalipack (M) Sdn.Bhd, Mitsubishi Motors Malaysia Sdn.Bhd, Sumitomo Metals Sdn Bhd, Lembaga Koko, MARA and other government agencies and many more.

When not conducting training programs, Ambigah Krishnan tends to her legal consultation especially in the corporate field. Holding legal programs and imparting her extensive legal experience.

To contact Ms Ambigah for any speaking, training and consultancy engagements, :
please contact us at +603 8074 9056 | Mobile +6012 6869  628 | +6018 2735 123 or email: info@iTrainingExpert.com

OR 

R. KRISHNA MOORTHI
Designation: Advocate & Solicitor
Professional Qualification MBA (Management), UKM
Professional Qualification LLB)Hons) London University of East London
Professional Certificate in Legal Practice 

Praticising lawyer since 2007

AREAS OF LITIGATION EXPERTISE:

1.Criminal Litigation which includes criminal breach of trust under Section 420 Penal Code, Dangerous Drugs, Rape, Battery, Assault, Wrongful Imprisonment in regards to immigration laws, Police Act and Rights of a detainee pursuant to the Federal Constitution, remand proceedings, bail application

2. Civil Litigation which includes Motor insurance claims, industrial relations involving wrongful dismissal, constructive dismissal etc, medical negligence, franchise litigation, intellectual property litigation, debt recovery breach of contract and recovery of debts action, divorce and matrimonial proceedings.

3. Non-litigatious matters include will and last testament drafting, corporate and commercial contract drafting such as Sales & Purchase of Business.

LIST OF TRAININGS CONDUCTED FOR CORPORATE CLIENTS

- PDPA.
- Commercial Contracts Drafting and Negotiation.
- Review & Minimise Risk; Service Level Agreements (SLA).
- Effective Contract Negotiations.
- Compliance Anti Bribery and Anti Corruption.
- Debt Recovery & Legal Process.

To contact Mr Krishna for any speaking, training and consultancy engagements, :
please contact us at +603 8074 9056 | Mobile +6012 6869  628 | +6018 2735 123 or email: info@iTrainingExpert.com

Or

We have a faculty of  specialist and can cater to your organisation's different levels and specific needs.

For training and advisory services, feel free to contact us at info@itrainingexpert.com or call us at +603 8082 3707 | +603 8074 9056 | +6012 6869 628 | +6018 2175 123

“I had limited knowledge one PDPA before attending this course. The training helped me to understand the process necessary to be put in place in the company. It’s driven me to re-read and further gain additional knowledge on PDPA.”– Hana Rabi, Media Prima CJ O Shopping Sdn. Bhd.

“This training taught me the practical side of PDPA and made me feel much more knowledgeable about the law. The trainer is very good and has a vast knowledge of PDPA. If there are any other programs on say public speaking, I’d be interested to attend those.”Nurul, Clinical Research Malaysia.
 

"It has been an interesting sessions where the workshop has significantly increased my awareness on Personal Data act and its implications," S. Ryder, CEO, Eagleburgmann (M) Sdn Bhd

"After asking lots of questions during the workshop, I am more aware of my rights in giving out my pesonal data" KH, Chong, Eagleburgmann (M) Sdn Bhd