Under the Personal Data Protection Act 2010 (“PDPA“), there are 13 specified classes of data users (“Specified Data Users“) that are required to draw up binding Codes of Practice to set out data protection requirements that are tailored to their particular industries (e.g., Banking, Insurance, Education etc). However, there still remain a number of Specified Data Users that have yet to do so.
As such, the Personal Data Protection Commissioner (“Commissioner“) recently issued the General Code of Practice of Personal Data Protection (“General COP“), which came into force on 15 December 2022, to apply to the classes of Specified Data Users that have yet to establish Data User Forums and to register their respective Codes of Practice with the Commissioner.
While the General COP is not binding upon other data users, it is recommended that other data users also refer to the individual provisions in the General COP, as it is reflective of the expectations of the Commissioner in relation to the minimum measures required to be implemented by data users pursuant to the PDPA.
This Update therefore seeks to provide a brief overview of the General COP and highlight key provisions set out in the General COP which data users should be aware of.
For more information, click here to read the full Legal Update.
