Operation Reliability

Central Provident Fund Board

Singapore Airlines Limited

Aviva Ltd

NTUC Income Insurance Co-Operative Limited

Alert potential risk with regards to the personal data handled internally

Foster personal data protection culture

Disclose all sensitive personal data in the company to PDPC

Ensure PDPA compliance through policies and processes

S$1 million

S$10,000

S$500

There is no financial penalty

Business phone number

NRIC number

Date of birth

Gender

We should collect personal data just in case we need it

We don’t have to train the users on data protection as long as we have set the policies

Outsourcing the DPO role is permitted under PDPA

A company operating in Singapore with personal sensitive data of EU citizens is not subjected to GDPR

Threats

Vulnerabilities

Mitigation of the cybersecurity risk

Spending whatever it takes to protect the business

Mitigate the risk

Avoid the risk

Transfer the risk

Publicize the risk

True

False

We should not consider encryption of emails as an option in data protection as this will increase the latency

End-point security is not necessary as this takes up storage space on the user device

Anti-virus signature list need not be updated for up to 2 years

Security awareness training is one of the most effective way to equip employees with knowledge in data assets protection

Yes, this is the most basic feature

Yes, these attacks are always minor and consequences negligible

No, these are newly discovered flaws and protection might not be available

No, I should see their price first