Are you ready for Brunei's personal data protection laws? Click here to find out!


Assessment Questions: Evaluating Your Organisation's PDPO Readiness.

This comprehensive questionnaire provides a brief self-assessment of your PDP readiness against the PDPO obligations. Your information will be used solely to improve and customise PDP best practices for your organisational needs. We will not share your data with third parties without your explicit consent, except where required by law.

Disclaimer: This assessment is not a comprehensive review of your PDP compliance. Please call us at +673 245 0710 or email us at enquiries@dataworks-bn.com for future assistance.

Accountability Obligation

Under PDP best practice, an organisation must appoint a Data Protection Officer (DPO), develop and implement necessary policies and practices, handle complaints, and ensure that both staff and individuals are informed about these policies and practices.

1. Have you appointed a DPO?

2. Can the public easily find the contact details of the person in charge of the organisation’s PDP?

3. Do you have clear, written internal data protection policies explaining?

4. Is your policy available to the public?

5. Do you clearly communicate your data protection rules to staff?

6. Is there a public process for handling personal data complaints?


Consent Obligation

An individual's valid consent is required before an organisation can collect, use, or disclose personal data, unless otherwise mandated by law or an applicable exception, with consent being either expressly given or implied.

1. Is consent always obtained before collecting personal data through forms?

2. Is consent always obtained before collecting personal data online?

3. Do you have a way for customers to withdraw consent?


Notification of Purposes Obligation

Under PDP best practice, to obtain valid consent, an organisation must inform individuals of the purposes for collecting, using, or disclosing their personal data, both before collection and before any new use or disclosure not previously communicated.

1. Do you inform customers about the purpose of data collection?


Purpose Limitation Obligation

Under PDP best practice, individuals have the right to request access to their personal data held by an organisation and information on how it has been used or disclosed within the past year, subject to certain exceptions.

1. Is the data collected by your organisation relevant to its intended purpose?


Accuracy Obligation

An organisation must make reasonable efforts to ensure that personal data is accurate and complete if it will be used to make decisions affecting the individual or disclosed to another organisation.

1. Do you regularly verify and update personal data to maintain its accuracy?


Protection (Security) Obligation

An organisation must make reasonable efforts to ensure that personal data is accurate and complete if it will be used to make decisions affecting the individual or disclosed to another organisation.

1. Do you take measures to protect your data against cybersecurity threats?

2. Do you conduct cybersecurity assessments and data assessments regularly?

3. Do you have policies and procedures to secure devices and storage media that contain personal data?

4. Is data security awareness training mandatory for all staff who handle personal data, and is it conducted regularly?


Retention Limitation Obligation

An organisation will cease retaining documents containing personal data when it is reasonable to assume that the data no longer serves the original purpose for which it was collected.

1. Do you have a data retention policy?

2. Do you have a process to dispose of data securely?


Transfer Limitation Obligation

An organisation must not transfer personal data outside Brunei Darussalam unless it complies with the prevailing PDP regulations, or unless the transferred data receives comparable protection under the foreign PDP.

1. When transferring personal data to other countries, do you take measures to ensure it receives protection in line with the PDPO?

2. Do you have a data transfer agreement in place?


Data Breach Notification Obligation

Under PDP best practice, organisations must notify the Responsible Authority of a data breach if it results in, or is likely to result in, significant harm to the affected individuals.

1. Do you have a plan in place to respond to data breaches, including detection, containment, and notification procedures?

2. Are you aware of the enforcement process?


Your Organisation Information
