LTH410Drafting Policies, Procedures and Contracts to Comply with the PDPA


This course will give participants a good grounding on the basic compliance with PDPA; and guide you in drafting the relevant data protection policies and procedures and clauses that align your contracts to the organisation’s compliance with PDPA.


Course Fee SGD 900
Course Duration 2 Days
Course Timing 9:00am - 5:00pm
Course Venue 190 Clemenceau Avenue
SDF Approved NA
Skills Future Credit NA
Upcoming Courses

All organisations with the exception of a few are required to comply with the Personal Data Protection Act (PDPA). However, how many of these organisations are clueless as to what their obligations and duties are under the PDPA, let alone draft policies, procedures and contracts that comply with the PDPA.

By the end of the Programme, participants will have the following take aways: 1. Understand the key obligations under the PDPA and the Do Not Call provisions 2. Identify business activities and policies, procedures and contracts that need to be assessed for compliance with the PDPA 3. Able to set up and draft policies and procedures in order for the organisation to comply with the PDPA 4. Design and implement activities to ensure continuing compliance with PDPA.

Key Obligations and Do Not Call Provisions under PDPA • Consent Obligation • Purpose Limitation Obligation • Notification Obligation • Access & Correction Obligation • Accuracy Obligation • Protection Obligation • Retention Limitation Obligation • Transfer Limitation Obligation • Openness Obligation • Do Not Call Provisions

Enforcement Decisions • What are aggravating circumstances that will result in higher fines • What is the dispute resolution methods

Business Activities that implicate PDPA • Customer Relationship Management • Human Resources management • Marketing and promotion • Research and development • Regulatory compliance • Data collection • Emailing and calling customers

Policies and procedures that need to be set up in compliance with PDPA • Data collection policy and procedures • Data access and Correction Policy and Procedures • Data accuracy Policy • Data Protection and Retention Policy and Procedures • Data Transfer Policy and Procedures • DNC provisions Policy and Procedures • Complain handling Procedure Hands on drafting of Policies and Procedures

TARGET AUDIENCE • Heads of Risk and Compliance Departments • Data Protection Officers • Data Protection Representatives • Members of Privacy teams, • IT professionals, • HR professionals; and • Anyone who is in charge of personal data protection in their organisations.

  • Auditors, compliance offer, HR manager
  • anyone interested to know more about Singapor PDPA

• Lecture • Case Studies • Discussion • Hands On Practical Exercises



Trained as a lawyer, Norainni graduated from NUS Law School in 1987and was called to the Singapore Bar in 1988. Her passion lay in publishing and she entered the world of legal, regulatory and tax publishing thereafter. There, she helped developed strategic and persuasive content across the Southeast Asian geographies for close to three decades, and were responsible for the most iconic of legal publications that had been produced for the legal market in Malaysia and Singapore. During that period, she also trained countless numbers of editors, commissioning editors and sub-editors in legal research, legal writing and contract negotiations.

A content development person by nature, Norainni champions the clear and direct writing style, devoid of jargon. Such an aptitude is needed if one wish to draft policies and procedures that everyone can understand and comply with. Apart from her legal qualifications, Norainni holds the Advanced Certificate in Training & Assessment, the Diploma in Adult and Continuing Education, is a Certified Information Privacy Professional/Asia. Norainni currently consults for and trains organisations in personal data protection (privacy) laws and cybersecurity laws; sh

View Other Courses by Norainni