HRBoss Blog

Just one more day - Are your staffing practices on the right side of the law?

The recent Industry Readiness Survey conducted by the Personal Data Protection Committee (PDPC) reveals that 1 out of 2 organisations have put sufficient measures in place to deal with the regulations and are ready for the PDPA. With just 1 day till the PDPA comes into full force, it seems like the other 50% will have to brace themselves and start paying careful attention to their practices. Have you ensured that your staffing agency and recruitment professionals are PDPA-ready?

According to the survey, the two main reasons companies are still struggling to implement PDPA-compliant practices are:

  1. Measures are costly to implement
  2. Measures are time-consuming

Though these are practical concerns, organisations will have to find a way around these issues in order to safeguard their businesses. Companies that flout the rules could be held criminally liable and may be required to:

  1. Stop collecting, using or disclosing personal data in contravention of the Act;
  2. Destroy personal data collected in contravention of the Act;
  3. Provide access to or correct the personal data; and/or
  4. Pay a financial penalty of an amount up to $1 million.

The crux of the PDPA is to ensure that personal data is better protected and to give individuals the prerogative to control how companies use their personal information. Have you assessed the personal data protection risks within your organisation and put in place personal data security policies with regard to your recruitment data?

Consider the following 3 questions with regard to your organisation’s current practices:

  1. Is the personal data secure?

It’s not surprising to find that some recruiting organisations still depend on Excel spreadsheets or even SharePoint to store data. Consider the likelihood of security failures, including possible threats and vulnerabilities.

  • Do external parties have easy access to the personal data that you hold?
  • Are hardcopy records still used? Are they filed immediately upon submission to prevent others from obtaining access?

  2. Is the personal data adequately classified in your database system?

Different sets of data can be accessed by various parties. It is important that your employees, vendors and partners access the personal data on a need-to-know basis; hence the data should be classified and stored adequately to ensure only authorised access.

  3. Is your database system able to pull out compliance reports ready for audit?

  • Do you conduct or schedule regular audits on the data protection processes within your organisation?
  • Are there any remedial measures in place in the event of a breach?

Authorities have stressed that breaches of the PDPA will not be taken lightly, so with only 24 hours to go, how can a recruitment agency go for a quick win that is affordable and fuss-free? Download the PDPA guide for recruiters to find out how.