Under the PDPA (Personal Data Protection Act), it is required that businesses obtain customers’ consent before collecting, using their personal data. Below is a non-exhaustive list of guiding tips for businesses.
Starting off, how to obtain customers’ consent?
1. Ask customers to sign or acknowledge a notice that permits the company to use their data for a particular purpose
2. If customers’ data are routinely collected, a notice should be stated in the form indicating that clearly.
3. To send promotional material to customers, a tickbox has to be included for them to choose to select or deselect
There is a list of exceptions where businesses do not have to always collect customers’ consent, but the onus is on businesses to legally justify their business practices and cross-referencing to PDPA guidelines.
PDPC (Personal Data Protection Commission) has also provided a template for drafting a notice for consent, to serve as a guideline for companies.
