Executive Programme 2023

Legal & IT Governance
Data Protection Governance & Laws in Singapore

Dates and Times: 3pm to 6pm (GMT+8, Singapore time)
- Module 1: 23-24 October 2023 or 6-7 November 2023
- Module 2: 20-21 November 2023 or 4-5 December 2023

This module is conducted in-person at Assas International, Singapore Campus.
Participants outside Singapore may choose to attend this module via Zoom.

Speaker's Profile

KK Lim

Partner – Clayton Law LLC

KK’s practice areas include cybersecurity, data protection, technology investment, employment, and private client advisory. Before joining the Bar, he spent nearly 35 years in different roles with global MNCs, locally listed entities, and the Singapore Government.

He is a graduate of the University of Texas (Austin), Monash University Law School (Australia), National University of Singapore (Law Faculty) and Wealth Management Institute (NTU). He is also an affiliate member of STEP. He also holds multiple technical qualifications and professional memberships in information security and audit, cyber incident response and cybersecurity management. Whilst as Founding Chair of the Cybersecurity and Data Protection Practice Committee of the Law Society of Singapore, he led the Committee in developing the Cybersecurity Practice Guide for lawyers as well as developing the Cybersecurity Guide for charities in Singapore for the Commissioner of Charities, Ministry of Culture, Community & Youth (MCCY).

Current global surveys of IT leaders across many countries expect their budgets for data protection to continue on a healthy growth trajectory, including additional spending of up to 8% annually.

The number of countries and the proportion of the economies of these countries going digital resulted in recognising the importance of data protection and privacy. As a result, 137 out of 194 countries have put in place legislation to secure data and privacy protection. Only 15% of the countries still need legislation in place. At the Association of Southeast Asian Nations level (ASEAN) Digital Ministers’ Meeting (ADGMIN) approved the ASEAN Data Management Framework (DMF) and Contractual Model Clauses for Cross Border Data Flows (MCCs) on 22 Jan 2022.

The two-day course will briefly cover Data Governance (“DG”) within the broad discipline of Information Technology Governance (“ITG”). The discussion of ITG and DG serves as a context for the focus discussion of the relevant data protection and privacy legislation.

It will be followed by another two-day course (Module 2) introducing the importance of Incident Response and Data Breach Management Framework. We would be laying down the current mandatory reporting requirements and some important considerations to understand technical and social media in data breach. 

Course Description

Data governance is generally defined as how an organisation manages its data by setting data policies on how data is gathered, stored, processed, and disposed
of. An essential aspect of data governance is access control to the data. The access control may need to comply with specific industry standards or a regulatory agency regulating that organisation in its jurisdiction. As the value of data is recognised by both Government and commercial organisations for different reasons, data governance is increasingly regulated in many countries.

Concerning Singapore, we will examine the legal policy behind a specific piece of legislation, followed by a focus examination of the legislation and regulations.
We will examine the following legislation in this course:

(a) The Personal Data Protection Act (“PDPC”) (2012)
(b) The Cybersecurity Act of 2018; and
(c) The Computer Misuse Act (“CMA”) (1993).

The course will continue to examine as part of data management the demand for cross border data transfer and management and data localization within Asean.

To conclude the course, we will examine incident response and data breach management. Here will cover the key principles and processes involved apart from
mandatory legal reporting in incident reporting. For example, what is an incident may not be a data breach and vice versa. The participant will also have an
overview of the different parties required to handle an incident within a company in tandem with other professionals in different fields such as information
technology, marketing, human resource, and media within the company.

Module 1:

23-24 October 2023
or
6-7 November 2023

Module 2:

20-21 November 2023
or
4-5 December 2023

Location:

Assas International, Singapore Campus

1 Ayer Rajah Avenue, 138676 Singapore

Online attendance is also available

Programme Overview

Module 1: Day 1
  • 23rd October 2023 | 3 – 6 pm
    or
  • 6th November 2023 | 3 – 6 pm
MODULE TIME SYNOPSIS
Name of Module 1: Introduction to IT & Legal Governance in Singapore
(1.5 hours) 3pm › 4.30pm
  • Introduction to IT & Data Governance.
  • Singapore’s legal policy in data governance
(1.5 hours) 4.30pm › 6pm
  • Personal Data Protection Act (2021)
Module 1: Day 2
  • 24th October 2023 | 3 – 6 pm
    or
  • 7th November 2023 | 3 – 6 pm
MODULE TIME SYNOPSIS
Continuation: Introduction to IT & Legal Governance in Singapore
(1.5 hours) 3pm › 4.30pm
  • Cross Border Transfer of Personal Data & Practical Considerations
(1.5 hours) 4.30pm › 6pm
  • Cybersecurity Act 2018
Module 2: Day 1
  • 20th November 2023 | 3 – 6 pm
    or
  • 4th December 2023 | 3 – 6 pm
MODULE TIME SYNOPSIS
Name of Module 2: Incident Response: Data Breach Management
We assume participants have attended Module 1 before taking this Module.
(1.5 hours) 3pm › 4.30pm
  • Introduction to Incident Response & Data Breach Management Framework
(1.5 hours) 4.30pm › 6pm
  • Current Mandatory Reporting Requirements
Module 2: Day 2
  • 21th November 2023 | 3 – 6 pm
    or
  • 5th December 2023 | 3 – 6 pm
MODULE TIME SYNOPSIS
Name of Module 2: Incident Response: Data Breach Management
We assume participants have attended Module 1 before taking this Module.
(1.5 hours) 3pm › 4.30pm
  • Understanding Technical & Social Media in Data Breach.
(1.5 hours) 4.30pm › 6pm
  • Guest Speaker & Experience Sharing (Subject to availability)

Fees:

  • SGD 580 or EUR 400 for 1 module

CPD Accreditation:

CPD points: 6 Public CPD Points for each module
(3 Public CPD Points for each day)
Practice area: Data Protection & Privacy
Training level: General

Participants who wish to obtain CPD Points are reminded that they must comply strictly with the Attendance Policy set out in the CPD Guidelines. For participants attending the face-to-face activity, this includes signing in on arrival and signing out at the conclusion of the activity in the manner required by the organiser, and not being absent from the entire activity for more than 15 minutes. For those participating via the webinar, this includes logging in at the start of the webinar and logging out at the conclusion of the webinar in the manner required by the organiser, and not being away from the entire activity for more than 15 minutes. Participants may obtain 3 Public CPD Points for each day of the event on which they comply strictly with the Attendance Policy. Participants who do not comply with the Attendance Policy will not be able to obtain CPD Points for attending the activity. Please refer to www.sileCPDcentre.sg for more information.

Please don't hesitate to reach out to me

I would be delighted to address any inquiries you may have.

Buci Chan

Executive Director, Singapore Campus

Feel free to contact me, and I will be more than happy to answer all of your questions.