Purpose
This policy establishes a framework for identifying, classifying, and managing data assets to ensure proper governance, protection, and regulatory compliance.
Scope
Applies to all Bread Breakers (SG) stakeholders. Covers all data assets including sensitive and regulated data, requiring adherence to inventory, retention, and disposal practices.
Data Ownership
Bread Breakers (SG) is the data owner and is accountable for classification, protection, and retention aligned with PDPA and internal policies.
Roles and Responsibilities
- Data Protection Officer: President — ensures compliance and handles requests
- Data Stewards: Partners / Volunteers. Responsible to safeguard data obtained in their duties.
- Data Custodian: President. Accountable for overall storage and access control of data. Responsibility may be delegated to a member.
Data Inventory
| Data Source | Data Types | Purpose | Retention Period | Who Has Access | Storage Location |
|---|---|---|---|---|---|
| Beneficiary | Delivery Address (and other info as needed) | Coordination and delivery of aid | Until delivery is complete (~1-2 weeks) | Partners involved in the delivery | Volunteer's personal device (notified to delete after fulfillment) |
| Donor | Email Address | Sending receipts and donation follow-ups | 5 years (for financial records) | President (as Data Protection Officer) | Database / Emails |
| Partner | Name, Contact Number | Notifications and payment handling | Until partnership ends | President | Database |
| Member | Name, Address, Contact Info | Regulatory compliance with ROS | Until membership ends | President / Secretary | Internal Records |
| Transaction | Redacted receipts, proof of delivery | Public transparency and proof of aid | 5 years (for financial records) | Public | Public Ledger |
Policy Review
Reviewed annually or as needed to reflect changes in operations or regulation.
