This month, the Commission has issued three Undertakings.

The new Undertakings reveals breaches stemming from various attacks mainly due to cyber-attacks such as ransomeware and phishing, affecting the personal data of over 49,367 individuals.

In response, the affected organisations are to implement remediation plans to rectify the immediate breach and address any systemic shortcomings to ensure compliance with the PDPA on a continual basis, such as:

• Encrypt all sensitive data and login credentials
• Perform periodic vulnerability assessments and penetration testing for all systems, network and target vectors
• Conduct periodic training for employees on cybersecurity and data protection to raise their awareness on best practices and PDPA obligations. 

The PDPC has accepted these undertakings having considered the number of affected individuals, the types of personal data involved and the impact of the Incident.

Access the Undertakings here.