Graduate Certificate in Law and Technology Module 7: Personal Data and Data Protection (GCLT)

Pervasive media scrutiny, shifting regulatory frameworks and governmental enforcement actions have made privacy and cybersecurity major risk areas for businesses. All of these have heightened the need for the legal community to address this issue.

This module equips participants with the relevant skills to interpret and respond to increasingly complex privacy rules. Participants will also learn about current laws and practices that impact privacy rights, development of privacy laws, norms and cybersecurity issues.

This module is part of the Graduate Certificate in Law and Technology.

LEARNING OBJECTIVES

• Understand the purpose for which the Personal Data Protection Act (PDPA) was enacted in Singapore, i.e., what it is intended to achieve
• Understand what is, and what is not, personal data within the scope of the PDPA and the position of sensitive personal data
• Understand why an organisation needs a data protection committee and the importance of ‘tone at the top’
• Understand what a data protection management programme (DPMP) is, its elements and why a DPMP is important
• Examine risk management elements in connection with a DPMP
• Compare and contrast how the purpose of the PDPA compares and contrasts with the purpose of data protection legislation elsewhere in ASEAN and in Europe
• Understand the information life-cycle, examine the nine obligations under the PDPA and discover where they fit in that life-cycle
• Understand the role of data intermediaries, the due diligence that needs to be done concerning them and contractual considerations when hiring them
• Understand how to maintain/ sustain a data protection programme after it has been implemented and the importance of doing so
• Understand data security best practices
• Understand incident response and reporting best practices
• Formulate a basic data protection plan (from threat detection to incident response and remediation)

WHO SHOULD ATTEND

• Practicing lawyers and Legal Services Officers
• Paralegals
• Allied Legal Professionals (e.g. Legal Technologists)

PREREQUISITE

• A Bachelor's Degree; or
• A Diploma with at least 3 years of working experience

ASSESSMENT

As part of the requirement for SkillsFuture Singapore funding, there will be an assessment conducted at the end of the course.

CERTIFICATION

Upon meeting the minimum attendance requirement (>75%) and passing the assessment, participants will be awarded a digital Certificate of Participation after each module. 

For a complete certificate, participants are required to take 7 out of the 10 modules in accordance to the pathway of their choice. The pathways are created based on job profile and the module requirements for each pathway vary accordingly.

• Innovator
  
  For those looking to transform their practice
  Modules 1, 2, 4, 7, and any three remaining modules 
  
   
• Researcher
  
  For those interested in frontier issues in technology law
  Modules 1, 5, 6, 7, and any three remaining modules 
  
   
• Practitioner
  
  For those looking to update themselves on growing areas of practice
  Modules 1, 7, 8, 9, and any three remaining modules

The modules offered under each pathway are organised into the following categories to better facilitate participants’ selection of modules and learning.

• Foundation Knowledge
• Legal Technology
• Technology Law
• Impact of Technology on Law

The exact combination will depend on the chosen learning pathway of each individual participant. After selecting their pathway, participants may then choose any other 3 modules for their electives.

Participants without legal training are required to take Module 1, in addition to the 3 core and 3 elective modules, in order to qualify for the full certificate. Module 1 is NOT recommended for those with legal training as it covers basic legal concepts.

SPEAKER

Charis is currently a Vice President and the Deputy Data Protection Officer at OCBC Bank where she works closely with various business functions to implement positive privacy controls and oversee the use of personal data in an ethical and responsible manner to achieve business objectives, create innovative financial products, and provide long-lasting value to clients.

In her previous role, Charis was an Associate Director with the Technology, Media and Telecommunications (TMT) and Data Protection, Privacy & Cybersecurity Practice Groups in Drew & Napier LLC where she advised and assisted foreign governments, MNCs, listed companies, statutory boards, and technology start-ups on data protection issues. Her experience includes designing data protection compliance programmes, reviewing data protection policies and agreements, advising on cross-border data transfers and data security measures, conducting staff training, and assisting companies that have suffered data breaches.

In addition to her private-sector experience, Charis was also seconded to the Personal Data Protection Commission for two years where she worked on a wide range of enforcement cases, from the start of investigations to the issuance of the grounds of decision. During her time there, she also assisted the legal department with legislative development and policy research.