The European Union General Data Protection Regulation (EU GDPR) was first published in April 2016 and then put into force on 25 May 2018.
Overseas business organisations either supplying goods and services to individual consumers in the EU or identifying and monitoring their behaviour, either directly or indirectly within the EU come under the ambit of this regulation. The organisations may or may not have any physical presence in the EU.
Singapore is the largest trading partner of the EU in ASEAN and many organisations in Singapore come under the jurisdiction of EU GDPR.
GDPR is a European regulatory standard and its applicability extends far beyond its borders. Companies must opt for GDPR compliance in Singapore if they are involved in some of the following activities
If a Singaporean organisation’s target audience includes individuals in the EU for business purposes, it needs to engage a European representative if
There are sensitive data that can not be processed as per EU GDPR subject to certain exceptions and include
No, because the two regulatory regimes namely GDPR and PDPA spell out different sets of requirements, Singapore data protection compliance does not necessarily mean the organisation complies with the EU GDPR. While there are exemptions given to public agencies and their agents, employees, or individuals acting in a personal capacity in PDPA, there is no such waivers in GDPR and applies to everyone equally.
The revised and more detailed Singapore data protection compliance regulation enacted by the Singapore government on 1st February 2021 is however a more streamlined and converged approach towards the European regulation on data protection almost resembling the six legal bases for personal data processing specified in GDPR. The recent amendments incorporated in Singapore data protection compliance requirements include
There are guidelines provided by the European regulators for being compliant with the EU GDPR with references to specific online resources on the regulatory requirements. Business organisations can use this link for necessary GDPR compliance in Singapore. Legal help and advice may also be sought whenever needed.
The key requirements for EU GDPR have been highlighted in the factsheet pdpc issued by the PDPC and can be used by businesses in Singapore as an organizational database.
For GDPR compliance in Singapore, business organisations need to do the following
The Personal Data Protection Commission (PDPC) Singapore illustrated through an infographic model the broad categorization highlighting differences between these two regulations with the exceptions to consent and legal bases of personal data processing as per GDPR.
Yes, non-compliance with GDPR can bring severe consequences for non-compliant organisations with hefty administrative fines imposed by GDPR supervisory authorities.
In contrast to Singapore data protection compliance the penalties for GDPR non-compliance apply equally to business organisations and individuals.
Besides huge penalties, any violation in GDPR compliance also damages the organizational reputation and adversely impacts the customer base and future growth prospects.
The EU with a population of 440 million is a huge market for Singapore which is only expected to grow over time. This will undoubtedly drive an increased number of businesses to go for GDPR compliance in Singapore.
GDPR is unmatched legislation for enhancing the rights and transparency of individuals over their data and is embraced by Singaporean businesses with spirit and enthusiasm.
Book a consultation appointment with our professionals now.
Book a consultation appointment with our professionals now.
Book a consultation appointment with our professionals now.
