yt’s Data Protection Governance Framework Volume 1 of 2

Preface

This book is an original work by the author that has been in the making since 2020. The Data Protection Governance Framework refers to Singapore’s Personal Data Protection Act 2012 (PDPA) as a baseline law for source because Singapore as a country is required by its uniqueness to be more international than most other countries and PDPA has been drafted as such (also, the author is from Singapore).

As a small nation with no resources, Singapore has worked and must work hard to maintain international relevance. Therefore, its data protection law is influenced by data protection laws of other countries such as Australia, Canada, Hong Kong, New Zealand, and the UK while maintaining its philosophy of ease of doing business in Singapore. It has also referenced international frameworks and guidelines such as European Union Data Protection Directive 95/46/EC (the pre-cursor to the General Data Protection Regulation which introduced more stringent data protection requirements and increased the penalties for non-compliance), the Organization for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flow of Personal Data, and the Asia-Pacific Economic Cooperation (APEC) Privacy Framework.

Singapore continues to engage with other countries through trade agreements such RCEP which stands for the Regional Comprehensive Economic Partnership. It is a free trade agreement (FTA) between 15 Asia-Pacific countries, which includes 10 members of the Association of Southeast Asian Nations (ASEAN), as well as China, Japan, South Korea, Australia, and New Zealand. The agreement was signed on November 15, 2020, after nearly 8 years of negotiations.

PDPA deviates from many countries in providing for ease of doing business, less prescriptive approach, and self-governance.

This book is not so much of a treatise on the law relating to data protection as much as focusing on the implementation aspects of data protection. The author trusts that this book will enable its readers and practitioners to adapt the DGPF model to their country’s requirements, its legal framework, and their businesses.

Images are stills from animated presentation slides created by the author. For various templates referred to in this book, the author may be contacted at [email protected].

About the Author

Yang Yen Thaw

––––––––

Law & tech is a persuasion, management consultancy a profession, and teaching a passion

Yang Yen Thaw is a corporate lawyer, coach, and holds various certifications as AI consultant, management consultant, Associate Adult Educator, ACLP+ACTA, and CIPM+PC:PDP(S) (data protection). He has held senior management and executive positions in management and law in listed as well as private limited companies with businesses spanning the world. He ran his own law firm for 12 years from 1999-2010. Since then, he has held various positions as partner in law firms, GC, CLO, Chief Data Protection Consultant, DPO, management consultant, corporate trainer, and a professional coach.

He was the speaker for an online seminar on PDPA and Data Governance for Smart Nation X conducted on 13 August 2021, which was jointly organized by the Prime Minister’s Office, SkillsFuture Singapore, and ntuc LearningHub. Yen Thaw has also been speaker and teacher for critical thinking and business negotiations for e2i, SkillsFuture, and PA in Singapore since 2021.

Yen Thaw is a regular trainer and consultant on data protection, AI, cybersecurity, and critical core skills. He has trained over 3,000 students comprising individuals and employees from over 100 companies ranging from public listed companies, public agencies (students from MHA, MOH, CSA, IMDA, PDPC), public sector companies, SMEs, educational institutes, PAP community schools, town councils, and their managing agents as well.

His work also covers consulting and teaching covers the following business areas:

Artificial Intelligence for Business & Enterprise

Business Negotiations

Critical Core Skills: Design Thinking, Critical Thinking 4.0

Data Protection + PDPA

Entrepreneurship, internationalization, and cross-border business

Joint Ventures, Mergers & Acquisitions

Law & Intellectual Property

Leadership & Management

Tech subjects: CyberSecurity, IoT

Yen Thaw has designed various original frameworks such as - Critical Thinking powered by QUESTS©, design thinking model – DT D.E.S.I.G.N. (also a Design Thinking for Data Protection course that was approved by IMDA/PDPC as well as WSG.), and DPGF – Data Protection Governance Framework. He has also designed, developed, and run his own courses such as – Artificial Intelligence for Business in Industry 4.0 – demystified, Surviving the Future of Work (Industry 4.0) With Critical Thinking (Powered by QUESTS©), and Cybersecurity Basics.

He has been consistently awarded Trainer Excellence Award by ntuc LearningHub for Overall Training Hours and Performance and Technology" since 2021.

Glossary

Definitions – in the context of Singapore