In this article, we use a recent case to emphasize the significance of enforcing protection obligations and hiring an outsourced DPO to help you to be compliant with PDPA when you’re collecting clients’ personal data.

This applies to education centers, healthcare associations and other associations that collect personal data in the provision of their services.

On 24 February 2021, the Country Club involved notified the Personal Data Protection Commission that one of their employee’s email accounts had been compromised and 600 phishing emails had been sent to various individuals on 22 February 2021.

The Organisation subsequently requested for this matter to be handled under the Commission’s expedited breach decision procedure. It also admitted that it was in breach of section 24 of the Personal Data Protection Act (the “PDPA”) as it failed to document its password policy in writing.

The Protection Obligation under section 24 of the PDPA extends to and includes the training of all employees who have to handle personal data in the course of their work so that an organisation’s employees can then successfully adopt and implement the policies and best practices to ensure the protection of personal data in an organisation.

The Deputy Commissioner penalised the Organisation with a financial penalty of $4,000 within 30 days from the notice accompanying date of this decision.

It is important for any organization that collects clients’ personal data to protect this data using cyber security solutions like endpoint protection software. Please reach out to us at to discuss how we may assist you.

error: Content is protected !!