In this article, we use a recent case to highlight the importance of implementing protection obligations and hiring an outsourced DPO to help you to ensure compliance with PDPA when you are collecting clients’ personal data. This applies to tuition centers, healthcare organizations and other organizations that collect personal data in the provision of their services.

On July 2, 2021, School A alerted the Personal Data Protection Commission that a parent of a student is able to view and access a student report produced by the Organization via internet search engines.

Following that, the Organization requested that this matter be resolved under the Commission’s expedited breach decision procedure. It also admitted to violating the Personal Data Protection Act (the “PDPA” section 24). The Deputy Commissioner for Personal Data Protection orders the Organization to pay a $10,000 financial penalty within 30 days of receiving the notice accompanying this decision

To protect clients’ personal data and prevent unwanted access, an organisation storing personal data in website directory/folders must implement protection obligations procedure to safeguard data. For further information regarding protection obligation please click on

Furthermore, no clear business needs were stated that the Organization was depending on the sister firm to implement security solutions to protect personal data. When an organisation receives IT services from another member of the group, it should ensure that the latter is obligated by formal agreements or group regulations to secure personal data while providing the services.

Implementing PDPA can be a daunting experience, an organisation should consider hiring an outsourced DPO to ensure that the organisation implements both policies and procedures that comply with PDPA. This is because any data breach or non-compliance may lead to an organization being fined.

Privacy Edge has the expertise and experience to help you. Contact us at to understand how you can achieve this at 1/10th of the cost of hiring an in-house DPO.

error: Content is protected !!