Data Protection for Security Systems and Cyber Security Integration

With the arrival of the new Personal Data Protection Act (PDPA), persons whose data are processed will have more rights. That is why stricter rules have been drawn up for organisations that process personal data and you must ensure that the privacy of the persons whose data you process is guaranteed. Camera and/or access control systems often process personal data.. 

  1. 1
    If you make video recordings for security purposes and people are recognizably portrayed,
    then there is personal data that is processed. After all, the video images are collected,
    sometimes (temporarily) stored and used to supervise. If your employees gain access to
    your business premises with an access pass or tag, the access control system will record
    who has been granted access and when. If this is done in your name or with a traceable
    identification number, then there is also the processing of personal data.
  2. 2
    PDPA: what does that mean for you?
    In order to comply with the PDPA with your (existing or new) camera and/or access control
    system, you will have to take a number of steps. The most important five can be found
    (i) Perform Data Protection Impact Assessment (DPIA)
    (ii) Create and maintain a register of processing activities
    (iii) Conclude processing agreements with processors
    (iv)Technical and organisational measures to prevent risks of privacy violations
    (v) Registering data breaches
  3. 3
    Existing security systems sometimes require additional technical and organisational
    measures to be taken to ensure that only those data that are necessary for the specific
    purpose are processed. Djenee can perform a quick scan for you to determine what additional
    measures are needed to comply with the PDPA.


Our partner, Chakra, adopts a four key steps process In the event that a data breach may happen as recommended by Personal Data Protection Commission Singapore in their GUIDE ON MANAGING AND NOTIFYING DATA BREACHES UNDER THE PERSONAL DATA PROTECTION ACT (15 March 2021).

  1. 1
    - To the extent possible, limit the breach by shutting down the relevant systems or limit
    access to said systems. If the system in question is operated by a third party.
    - If suspected of a criminal offence (i.e. hacker) alert the police to help with
    - If privacy or unauthoriSed access to user accounts are detected, disable access to
    affected accounts, and de-authorise relevant persistent logins.
  2. 2
    - Identify the cause of the breach
    - Assess impact
              o Cause and extent of breach?
              o How many people are affected?
              o What are the risks?
              o What can be remedied?
              o How sensitive was the data involved?
  3. 3
    - Following assessment:
    o Notify the PDPC if 500+ individuals are affected
    o Notify individuals if significant harm is likely
               o For example, if they will be unable to access their accounts due to the
                    containment measures, if their emails are likely known, if their passwords and
                    cookies are compromised
               o Inform them of actions they can take (reset password, clear cookies, etc.)
               o Leave contact details
  4. 4
    Evaluate and take actions
              o Remedy the breach
              o Suspend the practice that led to the breach
              o Identify areas of weakness (i.e. effectiveness of the containment and
                  response; corrective actions and response time)

Contact Us

200 Jalan Sultan #08-08
Textile Centre Singapore 199018
Tel No.: +65 6721 7178
Operating Hours: Mon-Fri, 9am - 6pm

Join Us

Need a quote?

This Data Protection Notice (“Notice”) sets out the basis which The Djenee Corporation Pte.Ltd may collect, use, disclose or otherwise process personal data of our customers in accordance with the Personal Data Protection Act (“PDPA”). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.

The Djenee Corporation Pte. Ltd. © 2022