Central Provident Fund Board

Singapore Airlines Limited

Aviva Ltd

NTUC Income Insurance Co-Operative Limited

Alert potential risk with regards to the personal data handled internally

Foster personal data protection culture

Disclose all sensitive personal data in the company to PDPC

Ensure PDPA compliance through policies and processes

S$1 million

S$10,000

S$500

There is no financial penalty

Business phone number

NRIC number

Date of birth

Gender

We should collect personal data just in case we need it

We don’t have to train the users on data protection as long as we have set the policies

Outsourcing the DPO role is permitted under PDPA

A company operating in Singapore with personal sensitive data of EU citizens is not subjected to GDPR

Threats

Vulnerabilities

Mitigation of the cybersecurity risk

Spending whatever it takes to protect the business

Mitigate the risk

Avoid the risk

Transfer the risk

Publicize the risk