The Personal Data Protection Act (PDPA) is a legislation or set of laws aimed at safeguarding the privacy and rights of individuals concerning their data. It establishes rules for the collection, use, disclosure, and protection of personal data by organisations.
Key features of most PDPA laws include:
Consent: Individuals must give consent for their data to be collected and processed, and be informed about how their data will be used.
Purpose Limitation: Organisations can only collect and use personal data for specific, legitimate purposes stated at the time of collection.
Data Minimisation: Organisations should only collect data that is necessary for the stated purposes and should not retain it for longer than necessary.
Accuracy: Organisations are required to take reasonable steps to ensure that personal data collected is accurate and up to date.
Security: Organisations must implement appropriate security measures to protect personal data from unauthorised access, disclosure, alteration, or destruction.
Accountability: Organisations are accountable for complying with the PDPA and may be subject to penalties for non-compliance.