A Member Firm of Andersen Global

GDPR Compliance in Singapore Organisations

The European Union General Data Protection Regulation (EU GDPR) was first published in April 2016 and then put into force on 25 May 2018.

GDPR Compliance in Singapore Organisations

The European Union General Data Protection Regulation (EU GDPR) was first published in April 2016 and then put into force on 25 May 2018.

Overseas business organisations either supplying goods and services to individual consumers in the EU or identifying and monitoring their behaviour, either directly or indirectly within the EU come under the ambit of this regulation. The organisations may or may not have any physical presence in the EU.

Singapore is the largest trading partner of the EU in ASEAN and many organisations in Singapore come under the jurisdiction of EU GDPR.

When does a Singaporean organisation come under the jurisdiction of EU GDPR?

GDPR is a European regulatory standard and its applicability extends far beyond its borders. Companies must opt for GDPR compliance in Singapore if they are involved in some of the following activities
If a Singaporean organisation’s target audience includes individuals in the EU for business purposes, it needs to engage a European representative if
There are sensitive data that can not be processed as per EU GDPR subject to certain exceptions and include

Does compliance with Singapore's Personal Data Protection Act (PDPA) mean EU GDPR compliance?

No, because the two regulatory regimes namely GDPR and PDPA spell out different sets of requirements, Singapore data protection compliance does not necessarily mean the organisation complies with the EU GDPR. While there are exemptions given to public agencies and their agents, employees, or individuals acting in a personal capacity in PDPA, there is no such waivers in GDPR and applies to everyone equally.

The revised and more detailed Singapore data protection compliance regulation enacted by the Singapore government on 1st February 2021 is however a more streamlined and converged approach towards the European regulation on data protection almost resembling the six legal bases for personal data processing specified in GDPR. The recent amendments incorporated in Singapore data protection compliance requirements include

The Personal Data Protection Commission (PDPC) Singapore illustrated through an infographic model the broad categorization highlighting differences between these two regulations with the exceptions to consent and legal bases of personal data processing as per GDPR.
Want to learn more about GDPR Compliance in Singapore?
Speak to one of our experts today.
What is needed for Singaporean organisations to be compliant with the EU GDPR?

There are guidelines provided by the European regulators for being compliant with the EU GDPR with references to specific online resources on the regulatory requirements. Business organisations can use this link for necessary GDPR compliance in Singapore. Legal help and advice may also be sought whenever needed.

The key requirements for EU GDPR have been highlighted in the factsheet pdpc issued by the PDPC and can be used by businesses in Singapore as an organizational database.

For GDPR compliance in Singapore, business organisations need to do the following

The Personal Data Protection Commission (PDPC) Singapore illustrated through an infographic model the broad categorization highlighting differences between these two regulations with the exceptions to consent and legal bases of personal data processing as per GDPR.

Are there penalties for non-compliance with GDPR?

Yes, non-compliance with GDPR can bring severe consequences for non-compliant organisations with hefty administrative fines imposed by GDPR supervisory authorities.

In contrast to Singapore data protection compliance the penalties for GDPR non-compliance apply equally to business organisations and individuals. Besides huge penalties, any violation in GDPR compliance also damages the organizational reputation and adversely impacts the customer base and future growth prospects.

Conclusion

The EU with a population of 440 million is a huge market for Singapore which is only expected to grow over time. This will undoubtedly drive an increased number of businesses to go for GDPR compliance in Singapore. GDPR is unmatched legislation for enhancing the rights and transparency of individuals over their data and is embraced by Singaporean businesses with spirit and enthusiasm.

Your vision, our mission.
Let's discuss

A Member Firm of Andersen Global
Need Assistance?
Get In Touch

We appreciate your interest in IMC and are eager to address your needs.

To ensure we address your needs accurately and promptly, please fill out this form. This will help us in identifying and connecting you with the appropriate team of experts in our organization.

We take pride in our responsiveness and aim to get back to you within a span of 1-2 business days. Your journey towards solutions starts here.

Companies we have worked with

Let's Talk