Executive Programme 2024

Legal & IT Governance
Data Protection Governance & Laws in Singapore

Dates and Times: 3pm to 6pm (GMT+8, Singapore time)
– Module 1: 24-25 January 2024
– Module 2: 21-22 February 2024


This module is conducted in-person at ASSAS.
Participants outside Singapore may choose to attend this module via Zoom.

Speaker’s Profile

KK Lim

Partner – Clayton Law LLC

KK’s practice areas include cybersecurity, data protection, technology investment, employment, and private client advisory. Before joining the Bar, he spent nearly 35 years in different roles with global MNCs, locally listed entities, and the Singapore Government.

He is a graduate of the University of Texas (Austin), Monash University Law School (Australia), National University of Singapore (Law Faculty) and Wealth Management Institute (NTU). He is also an affiliate member of STEP. He also holds multiple technical qualifications and professional memberships in information security and audit, cyber incident response and cybersecurity management. Whilst as Founding Chair of the Cybersecurity and Data Protection Practice Committee of the Law Society of Singapore, he led the Committee in developing the Cybersecurity Practice Guide for lawyers as well as developing the Cybersecurity Guide for charities in Singapore for the Commissioner of Charities, Ministry of Culture, Community & Youth (MCCY).

Current global surveys of IT leaders across many countries expect their budgets for data protection to continue on a healthy growth trajectory, including additional spending of up to 8% annually.

The number of countries and the proportion of the economies of these countries going digital resulted in recognising the importance of data protection and privacy. As a result, 137 out of 194 countries have put in place legislation to secure data and privacy protection. Only 15% of the countries still need legislation in place. At the Association of Southeast Asian Nations level (ASEAN) Digital Ministers’ Meeting (ADGMIN) approved the ASEAN Data Management Framework (DMF) and Contractual Model Clauses for Cross Border Data Flows (MCCs) on 22 Jan 2022.

The two-day course will briefly cover Data Governance (“DG”) within the broad discipline of Information Technology Governance (“ITG”). The discussion of ITG and DG serves as a context for the focus discussion of the relevant data protection and privacy legislation.

It will be followed by another two-day course (Module 2) introducing the importance of Incident Response and Data Breach Management Framework. We would be laying down the current mandatory reporting requirements and some important considerations to understand technical and social media in data breach. 

Course Description

Data governance is generally defined as how an organisation manages its data by setting data policies on how data is gathered, stored, processed, and disposed
of. An essential aspect of data governance is access control to the data. The access control may need to comply with specific industry standards or a regulatory agency regulating that organisation in its jurisdiction. As the value of data is recognised by both Government and commercial organisations for different reasons, data governance is increasingly regulated in many countries.

Concerning Singapore, we will examine the legal policy behind a specific piece of legislation, followed by a focus examination of the legislation and regulations.
We will examine the following legislation in this course:

  1. The Personal Data Protection Act (“PDPC”) (2012)
  2. The Cybersecurity Act of 2018; and
  3. The Computer Misuse Act (“CMA”) (1993).

The course will continue to examine as part of data management the demand for cross border data transfer and management and data localization within Asean.

To conclude the course, we will examine incident response and data breach management. Here will cover the key principles and processes involved apart from mandatory legal reporting in incident reporting. For example, what is an incident may not be a data breach and vice versa. The participant will also have an overview of the different parties required to handle an incident within a company in tandem with other professionals in different fields such as information technology, marketing, human resource, and media within the company.

Module 1:


24-25 January 2024

Module 2:


21-22 Februrary 2024

Location:


Assas campus, Singapore
Online attendance is also available

Programme Overview

Module 1: Day 1 | Wednesday 24th January 2024

Module
Time
Synopsys
Name of Module 1: Introduction to IT & Legal Governance in Singapore
(1.5 hours)
3.00 pm › 4.30 pm
– Introduction to IT & Data Governance.
– Singapore’s legal policy in data governance
(1.5 hours)
4.30 pm › 6.00 pm
– Personal Data Protection Act (2021)

Module 1: Day 2 | Thursday 25th January 2024

Module
Time
Synopsys
Continuation: Introduction to IT & Legal Governance in Singapore
(1.5 hours)
3.00 pm › 4.30 pm
– Cross Border Transfer of Personal Data & Practical Considerations
(1.5 hours)
4.30 pm › 6.00 pm
– Cybersecurity Act 2018

Module 2: Day 1 | Wednesday 21th Frebruary 2024

Module
Time
Synopsys
Name of Module 2: Incident Response: Data Breach Management
We assume participants have attended Module 1 before taking this Module.
(1.5 hours)
3.00 pm › 4.30 pm
– Introduction to Incident Response & Data Breach Management Framework
(1.5 hours)
4.30 pm › 6.00 pm
– Current Mandatory Reporting Requirements

Module 2: Day 2 | Thursday 22th February 2024

Module
Time
Synopsys
Name of Module 2: Incident Response: Data Breach Management
We assume participants have attended Module 1 before taking this Module.
(1.5 hours)
3.00 pm › 4.30 pm
– Understanding Technical & Social Media in Data Breach
(1.5 hours)
4.30 pm › 6.00 pm
– Guest Speaker & Experience Sharing (Subject to availability)

Fees:

  • SGD 580 or EUR 400 for 1 module

CPD Accreditation:

CPD points: 12 Public CPD Points
(6 Public CPD Points per module, 3 Public CPD Points each day)
Practice area: Data Protection & Privacy
Training category: General

Participants who wish to obtain CPD Points are reminded that they must comply strictly with the Attendance Policy set out in the CPD Guidelines. For participants attending the face-to-face activity, this includes signing in on arrival and signing out at the conclusion of the activity in the manner required by the organiser, and not being absent from the entire activity for more than 15 minutes. For those participating via the webinar, this includes logging in at the start of the webinar and logging out at the conclusion of the webinar in the manner required by the organiser, and not being away from the entire activity for more than 15 minutes. Participants may obtain 3 Public CPD Points for each day of the event on which they comply strictly with the Attendance Policy. Participants who do not comply with the Attendance Policy will not be able to obtain CPD Points for attending the activity. Please refer to www.sileCPDcentre.sg for more information.