Personal Data Protection
We’re here to support you.
Here’s what you should do in situations involving personal data protection and when to contact the NUS Personal Data Protection (PDP) Unit.
PDPC Contacts You
Cloud Services
Data Sharing
Trainings
Data Loss or Data Leakage
Personal Data Service Request
Do-Not-Call Registry
Data Sharing
What should you do when you need to do personal data sharing with a third party?
Training
What should you do when you need to conduct personal data protection training for the NUS community?
Personal Data Service Request
What should you do when you receive access, correction and/or withdrawal requests?
Data Sharing
First, visit the NUS IT Cloud Policy Sharepoint for more details on what you need to do to complete a Cloud Service Provider (CSP) assessment on the cloud service that you have in mind before subscription. You can also write to NUS IT at NUS IT Cloud Policy as NUSITCloudPolicy@nus.edu.sg to ask for more details.
What is the role of the NUS Personal Data Protection Unit (PDP Unit) in data sharing with third parties?
Contact the NUS PDP unit, if personal data will be involved in the subscription. We will help you to evaluate whether:
Training
1. Ongoing online e-Learning is available:
- Visit the LumiNUS page and look for the e-module under the University Policies and Guidelines package.
2. To learn more about Singapore PDPA:
- Complete the Eight Personal Data Protection Commission (PDPC)
e-Learning modules at https://www.pdpc.gov.sg/Resources/E-learning-Programme
3. Contact the NUS Personal Data Protection Unit (PDP Unit) if you want to conduct a customised face-to-face training on personal data protection matters.
Personal Data Service Request
For efficiency and effectiveness, if you have already set up a facility or function to handle access, correction and/or withdrawal requests of your administration process, please continue to do so to service these requests.
Example 1 : If you have set up a mailing list with an unsubscribe function, please continue to use that to handle unsubscription requests.
Example 2 : If you have provided contact points for the participants of your event on registration, changes and withdrawals, please keep the current practice.
Note: the NUS Personal Data Protection Unit also has a Personal Data Service Request (PSR) system which handles general requests from members of the public.
Personal Data Protection Commission (PDPC) Contacts You
What to do when the Singapore Personal Data Protection Commission (PDPC) contacts you?
Data Loss or Data Leakage
What to do when there is a data breach, data loss or data leakage of University data?
Do-Not-Call Registry
What should you do when you want to conduct telemarketing, telephone fundraising or a telephone survey?
Cloud Services
What should you do when you want to subscribe to a cloud service from a third party?
Personal Data Protection Commission (PDPC) Contacts You
Contact the NUS Personal Data Protection Unit (PDP Unit) if contacted by the Singapore Personal Data Protection Commission (PDPC).
Data Loss or Data Leakage
1. For any lost or stolen devices or portable storage containing University data, make a reasonable effort to locate the lost or stolen item(s). If the item(s) is/are still not found, then file a police report.
Next, contact NUS IT Care and your respective department manager, and follow the NUS IT Security Incidents Reporting process.
2. For incidents involving personal data, please report to NUS Data Protection team by completing the Data Breach Report and emailing the same to dpo@nus.edu.sg
What is the role of the NUS Personal Data Protection Unit (PDP Unit) in the event that personal data are involved?
Other than NUS IT Care and your respective department manager, please contact the NUS PDP Unit, if personal data are involved. The PDP Unit will help you to assess the impact of the incident and advise on whether further actions will need to be taken, such as:
Do-Not-Call Registry
Contact the NUS Personal Data Protection Unit (PDP Unit) for further consultation and if necessary we will scrub the telephone list against the National and NUS Do-Not-Call Registries.
Data Loss or Data Leakage
First, visit the NUS IT Cloud Policy Sharepoint for more details on what you need to do to complete a Cloud Service Provider (CSP) assessment on the cloud service that you have in mind before subscription. You can also write to NUS IT at NUS IT Cloud Policy as NUSITCloudPolicy@nus.edu.sg to ask for more details.
What is the role of the NUS Personal Data Protection Unit (PDP Unit) in the CSP assessment?
Contact the NUS PDP unit, if personal data will be involved in the subscription. We will help you to evaluate various considerations in the CSP assessment, such as:
Personal Data Protection Commission (PDPC) Contacts You
What to do when the Singapore Personal Data Protection Commission (PDPC) contacts you?
Contact the NUS Personal Data Protection Unit (PDP Unit) if contacted by the Singapore Personal Data Protection Commission (PDPC)
Data Loss or Data Leakage
What to do when there is a data breach, data loss or data leakage of University data?
1. For any lost or stolen devices or portable storage containing University data, make a reasonable effort to locate the lost or stolen item(s). If the item(s) is/are still not found, then file a police report.
Next, contact NUS IT Care and your respective department manager, and follow the NUS IT Security Incidents Reporting process.
2. For incidents involving personal data, please report to NUS Data Protection team by completing the Data Breach Report and emailing the same to dpo@nus.edu.sg
What is the role of the NUS Personal Data Protection Unit (PDP Unit) in the event that personal data are involved?
Other than NUS IT Care and your respective department manager, please contact the NUS PDP Unit, if personal data are involved. The PDP Unit will help you to assess the impact of the incident and advise on whether further actions will need to be taken, such as:
Do-Not-Call Registry
What should you do when you want to conduct telemarketing, telephone fundraising or a telephone survey?
Contact the NUS Personal Data Protection Unit (PDP Unit) for further consultation and if necessary we will scrub the telephone list against the National and NUS Do-Not-Call Registries.
Cloud Services
What should you do when you want to subscribe to a cloud service from a third party?
First, visit the NUS IT Cloud Policy Sharepoint for more details on what you need to do to complete a Cloud Service Provider (CSP) assessment on the cloud service that you have in mind before subscription. You can also write to NUS IT at NUS IT Cloud Policy at NUSITCloudPolicy@nus.edu.sg to ask for more details.
What is the role of the NUS Personal Data Protection Unit (PDP Unit) in the CSP assessment?
Contact the NUS PDP Unit, if personal data will be involved in the subscription. We will help you to evaluate various considerations in the CSP assessment, such as:
Data Sharing
What should you do when you need to do personal data sharing with a third party?
First, visit the NUS IT Cloud Policy Sharepoint for more details on what you need to do to complete a Cloud Service Provider (CSP) assessment on the cloud service that you have in mind before subscription. You can also write to NUS IT at NUS IT Cloud Policy at NUSITCloudPolicy@nus.edu.sg to ask for more details.
What is the role of the NUS Personal Data Protection Unit (PDP Unit) in data sharing with third parties?
Contact the NUS PDP Unit, if personal data will be involved in the data sharing with the third party. We will help you to evaluate whether:
Training
What should you do when you need to conduct personal data protection training for the NUS community?
1. Ongoing online e-Learning is available:
- Visit the LumiNUS page and look for the e-module under the University Policies and Guidelines package.
2. To learn more about Singapore PDPA:
-Complete the Eight Personal Data Protection Commission (PDPC)
e-Learning modules at https://www.pdpc.gov.sg/Resources/E-learning-Programme
3. Contact the NUS Personal Data Protection Unit (PDP Unit) if you want to conduct a customised face-to-face training on personal data protection matters.
Personal Data Service Request
What should you do when you receive access, correction and/or withdrawal results?
For efficiency and effectiveness, if you have already set up a facility or function to handle access, correction and/or withdrawal requests of your administration process, please continue to do so to service these requests.
Example 1 : If you have set up a mailing list with an unsubscribe function, please continue to use that to handle unsubscription requests.
Example 2 : If you have provided contact points for the participants of your event on registration, changes and withdrawals, please keep the current practice.
Note: the NUS Personal Data Protection Unit also has a Personal Data Service Request (PSR) system which handles general requests from members of the public.