Risk Assessment
Identify & Assess
Data Protection Risks
Having documented how personal data is being handled, you may then proceed to identify and assess personal data protection risks by:
(i) Identifying areas in the data flow that could lead to a breach of personal data, or gaps when compared with industry best practices.
(ii) Analysing the potential impact of identified gaps and risks.
GAPS ANALYSIS
No one size fits all.
Industry & department specific.
Human Resource Department
Typically handles large amounts of personal data of employees and prospective employees.
Courier Company
Handles personal data but typically as a data intermediary.
Medical Clinics
Handles large amounts of personal data, including sensitive medical information of patients.
Identifying & Assessing Data Protection Risks
After identifying potential areas in the data flow that could lead to a data breach, implement processes to plug these gaps.
RISKS
Collection, Use & Disclosure
What are the applicable PDPA requirements that need to be complied with for activities relating to the collection, use or disclosure of personal data? Are there policies and practices to meet these requirements?
Is there excessive collection of data?
Do we adopt best practices?
How is the data handled?
Are there sufficient safeguards to ensure proper handling of personal data? Are the staff trained to handle personal data? Are policies in place with regard to electronic storage and transfer of data?
Are staff aware of their roles and responsibilities?
Does the organisation work with third-party vendors?