Classroom/ Online: Yes/ Yes
Scheduling Date(s):
1) Feb 14, 2025 (classroom)
2) May 16, 2025 (classroom)
3) Aug 15, 2025 (classroom)
4) Nov 14, 2025 (classroom)
Note: Please click specific date for detailed venue and course fee etc.
How to Handle Personal Data Well so as Not to be Fined, Unemployed or Blacklisted: Consequences of Mishandling Personal Data and How to Do It Right
Essential Personal Data Protection Law - How to Handle Personal Data Well so as Not to be Fined, Unemployed or Blacklisted: Consequences of Mishandling Personal Data and How to Do It Right and Comply with the Singapore Personal Data Protection Act 2012.
The Singapore Personal Data Protection Act 2012 (“PDPA”) has been in force legally since 2012. Thus, ignorance of the law is no defence. This is a practical course that provide participants with a good working knowledge of personal data protection laws so that they can conduct their businesses and areas of work effectively and comply with the PDPA laws.
The Singapore Personal Data Protection Act 2012 (“PDPA”) has been in force legally since 2012. Thus, ignorance of the law is no defence. This is a practical course that provide participants with a good working knowledge of personal data protection laws so that they can conduct their businesses and areas of work effectively and comply with the PDPA laws.
Objective
Learn all the fundamentals of personal data protection laws in Singapore that affects your
business, and how to comply with the PDPA so that your organisation is not fined or
blacklisted, and your employees do not become unemployed due to data leaks or breaches.
Acquire a working knowledge of all the twelve (12) main obligations that your business or
organisation is legally obligated to comply with under the PDPA.
In addition, learn all the principles and safeguards in the Advisory Guidelines issued by the
Personal Data Protection Commission (“PDPC”), Singapore’s Privacy Regulator, that affect
the Advertising sector, the Marketing and Sales sector, the Insurance and Real Estate Sales
sectors, the Banking and Finance sector, the Medical sector, and sectors that sell products
and/or services targeted at Children and Youth.
This course will also cover the role of Privacy Impact Assessments and how it can help your
business identify risks and how to mitigate and manage these risks for compliance to the
PDPA. To enhance learning, there will be real case studies and lessons to learn from them
and quizzes to try. The course will also share best practices in handling personal data of
your family, customers and employees.
business, and how to comply with the PDPA so that your organisation is not fined or
blacklisted, and your employees do not become unemployed due to data leaks or breaches.
Acquire a working knowledge of all the twelve (12) main obligations that your business or
organisation is legally obligated to comply with under the PDPA.
In addition, learn all the principles and safeguards in the Advisory Guidelines issued by the
Personal Data Protection Commission (“PDPC”), Singapore’s Privacy Regulator, that affect
the Advertising sector, the Marketing and Sales sector, the Insurance and Real Estate Sales
sectors, the Banking and Finance sector, the Medical sector, and sectors that sell products
and/or services targeted at Children and Youth.
This course will also cover the role of Privacy Impact Assessments and how it can help your
business identify risks and how to mitigate and manage these risks for compliance to the
PDPA. To enhance learning, there will be real case studies and lessons to learn from them
and quizzes to try. The course will also share best practices in handling personal data of
your family, customers and employees.
Outline
- Understand what is Personal Data, and what it is not
- with examples and case studies
- exceptions to definition of Personal Data in Singapore
- what are the differences in other Asia Pacific countries - Learn How to Identify what is Personal Data in Singapore
- with case studies and quizzes - Top Twelve Obligations in the PDPA that every Organisation and Employees must know and comply with
- explanation of all twelve obligations
- explanation that one of these obligations is not legally in force yet - Special exceptions to compliance with the PDPA
- Organisations and situations that do not have to comply with the PDPA
- Rationale for this - Principles and safeguards in the Advisory Guidelines issued by the Personal
Data Protection Commission (“PDPC”), Singapore’s Privacy Regulator that affect the:
– Advertising sector,
- Marketing and Sales sector,
- Insurance sector,
- Real Estate Sales sectors,
- Banking and Finance sector,
- Medical, health and wellness sectors, and
- sectors that target Children and Youth with their products and/or services. - What are considered data breaches, data leaks and ransomware attacks?
- Explanation of what these are
- Case studies - How to handle data leaks, data breaches and ransomware attacks?
- What are the requirements and timelines to handling these under the PDPA?
- What are the legal obligations to report these data leaks or breaches, or ransomware attacks to the Personal Data Protection Commission (“PDPC”), Singapore’s Privacy Regulator? - What is a Privacy Impact Assessment (“PIA”)?
- How can PIAs help identify privacy risks, operational risks, administrative risks, business risks, contractual risks and legal risks?
- What are these risks?
- What are the solutions to mitigate and manage all these identified risks from conducting a PIA?
- What is a PIA Report? - What is a Personal Data Protection Management Program (“DPMP”)?
- How can it help Businesses, Executive and Employees maintain compliance with the PDPA? - Preventing data leaks and data breaches in the Workplace
- Case studies
- Quiz - Sharing Best Practices for compliance with the PDPA
- Q&A
Who should attend
Founders of Companies, Directors, Managers, Executives, Sales and Marketing personnel,
Insurance and Real Estate Agents, Executives and Staff working in banks and financial
institutions, Medical Professionals, Executives and Staff working in medical clinics, hospitals,
health and wellness organisations, and any commercial personnel who is running or managing a
business and will like to acquire a practical understanding of Personal Data Protection Laws to
manage business, privacy, commercial and operational risks.
Insurance and Real Estate Agents, Executives and Staff working in banks and financial
institutions, Medical Professionals, Executives and Staff working in medical clinics, hospitals,
health and wellness organisations, and any commercial personnel who is running or managing a
business and will like to acquire a practical understanding of Personal Data Protection Laws to
manage business, privacy, commercial and operational risks.
Methodology
Case-studies and case presentations will be discussed. There will be quizzes to enhance
learning. You do not need to have prior legal knowledge to attend this seminar.
learning. You do not need to have prior legal knowledge to attend this seminar.
Testimonials
I worked with Aileen in my role as Aon’s Privacy Lead Counsel (North America) for the organization’s Global Privacy Office and Law & Compliance Department. GPO consists of approximately 30 professionals, and L&C is comprised of over 400 attorneys in North America, EMEA, and Asia. Aileen consistently stood out for: the depth and detail of her APAC privacy knowledge, including the newest developments; her engagement with the subject matter; the quality of her clear and concise communications; her risk- managed judgment; and the pace of her work, which always respected the clients’ time-scale. Aileen is an outstanding attorney, subject matter expert, and colleague. I recommend her most highly.
Mr Jeff Hamburg, Aon Assistant General Counsel & Privacy Counsel Lead, North America.
Aileen was an Accenture Legal and Commercial professional providing legal support for me on one of my medium scale projects in Singapore. She gave excellent advice about the contract, the local marketplace, and the legal aspects of the project. I found Aileen to be practical, pragmatic, professional, and pleasant to work with. I would welcome the opportunity to work with Aileen again.
Mr David Abberton - Former Executive Partner at Accenture, in Accenture Government Clients Group
Aileen was detailed, thorough and displayed professionalism in her work. She gave sound advise that was in the best interest of the organisation. Despite the short time given to work on agreements, she rose to the occasion and delivered timely. Her commitment was commendable and above all she did them cheerfully. She would be an asset to any organisation.
Ms Bhawani Balakrishnan - Marketing & Communications Professional, Communications and Events Management at NUS.
Mr Jeff Hamburg, Aon Assistant General Counsel & Privacy Counsel Lead, North America.
Aileen was an Accenture Legal and Commercial professional providing legal support for me on one of my medium scale projects in Singapore. She gave excellent advice about the contract, the local marketplace, and the legal aspects of the project. I found Aileen to be practical, pragmatic, professional, and pleasant to work with. I would welcome the opportunity to work with Aileen again.
Mr David Abberton - Former Executive Partner at Accenture, in Accenture Government Clients Group
Aileen was detailed, thorough and displayed professionalism in her work. She gave sound advise that was in the best interest of the organisation. Despite the short time given to work on agreements, she rose to the occasion and delivered timely. Her commitment was commendable and above all she did them cheerfully. She would be an asset to any organisation.
Ms Bhawani Balakrishnan - Marketing & Communications Professional, Communications and Events Management at NUS.
Profile of Aileen Koh
Expert in Privacy, Data Protection, Data Culture, Intellectual Property, Corporate Commercial Contracts, Real Estate, Wills & Trusts and Risk Management
Aileen Koh is a seasoned lawyer and Certified Information Privacy Professional/Asia (CIPP/A) recognized by the International Association of Privacy Professionals (IAPP). Dual-qualified as an Advocate and Solicitor in Singapore and as a Barrister-at-Law in England & Wales, Aileen has a distinguished career spanning privacy, cybersecurity, and legal risk management.
She previously served on the Singapore Attorney General’s Legal Sub-Committee for the National Internet Advisory on Personal Data Protection and chaired the Ethics Committee for the Singapore Real Estate Association. As a former law lecturer and a registered instructor with the Ministry of Education, she has demonstrated her expertise in teaching and mentoring.
Aileen’s extensive experience includes handling Asia-Pacific (APAC) and European Union (EU) personal data protection laws, privacy risk impact assessments (PIAs), compliance, and intellectual property. She has served as a Regional Data Protection Officer (DPO) for multiple organizations, providing strategic advisory services on APAC privacy laws and EU GDPR compliance.
With a proven track record of reviewing over 100 global PIAs across 30+ countries, Aileen delivers comprehensive risk mitigation solutions through detailed completion reports. She has managed investigations into personal data breaches across 17 APAC countries, preventing incidents and ensuring compliance by implementing data protection management programs (DPMPs), standard operating procedures (SOPs), and best practices.
Her work extends to drafting and reviewing corporate commercial contracts, employment policies, real estate agreements, wills, trusts, and intellectual property documentation. She also specializes in conducting due diligence, privacy assessments, and business risk evaluations for multinational corporations (MNCs), SMEs, and government entities.
Aileen is a sought-after trainer and speaker, providing workshops, consultancy, and strategies to help organizations adopt a robust data culture. She designs and implements privacy-by-design frameworks that align with APAC and EU privacy regulations, reducing the risks of data breaches, non-compliance, fines, and reputational harm.
Aileen’s expertise lies in equipping organizations with the tools and knowledge to manage privacy and cybersecurity risks effectively, ensuring long-term resilience and operational excellence.
