A Member Firm of Andersen Global

Contact Us

PDPA compliance in Singapore

Personal Data Protection Act, commonly known as PDPA is a general data protection law in Singapore that specifies mandatory requirements for personal data protection and handling. The Personal Data Protection Commission (PDPC) is the regulatory body that ensures PDPA compliance in Singapore.

PDPA compliance in Singapore

Personal Data Protection Act, commonly known as PDPA is a general data protection law in Singapore that specifies mandatory requirements for personal data protection and handling. The Personal Data Protection Commission (PDPC) is the regulatory body that ensures PDPA compliance in Singapore.
The objective of PDPA is framing policies and procedures for collecting, using and disclosing personal data and empowering individuals for more effective and better control of their data. Organisations are mandated for establishing reasonable purposes when collecting, using and disclosing personal data.
Personal data is defined as information about an individual which helps in identifying that individual and accessing other information about the individual.

How has PDPA evolved in Singapore?

The chronological order of events that took place about personal data protection and Singapore PDPA compliance are as under
  • On 2nd January 2013, the PDPC was established
  • On 2nd July 2014, the DNA Registry provisions were introduced
  • On 2nd November 2020, the amendments to PDPA were tabled
  • From 1st February 2021, the amended and enhanced PDPA was put into force

How does the Personal Data Protection Act (PDPA) work?

Once sector-specific legislation and regulatory frameworks are critically reviewed, a reference standard for personal data protection is usually drawn across the entire economy by the PDPC for documenting PDPA. Singapore PDPA compliance becomes mandatory for organizations including compliance with common and industry/sector-specific regulations while handling personal data within their reach.

The below-mentioned aspects are the prime considerations of the PDPA while putting into force

Consent

Personal data can only be collected, used or disclosed by organisations with the individual’s knowledge and consent with a few exceptions.

Purpose

Personal data can only be collected, used or disclosed with specific purposes and in an appropriate manner for the circumstances and only when organisations keep the individuals appraised of such purposes.

Reasonableness

Personal data can only be collected, used or disclosed by organisations for purposes considered appropriate to a reasonable person in the given circumstances.

Want to learn more about Regulatory Compliance in Singapore?

Speak to one of our experts today.
What are the business obligations under PDPA?
There are nine obligations for organisations dealing with personal data specified under PDPA and include the following
Consent Obligation
Purpose Limitation Obligation
Notification Obligation
Access and Correction Obligation
Accuracy Obligation
Protection Obligation
Retention Limitation Obligation
Transfer Limitation Obligation
Openness Obligation

How do companies comply with PDPA Obligations?

Singapore Personal Data Protection Commission (PDPC) in its endeavour to make the compliance obligations more comprehensive, issued a 10 step PDPA checklist for Singapore PDPA compliance. The steps are
  • Employing a Data Protection Officer to liaise with PDPC on data protection measures
  • Notifying Purposes of data collection and seeking the consent of individuals before collection of personal data
  • Allowing corrections of personal data provided under section 22 (4) of the PDPA as appropriate
  • Securing personal data by establishing data security policies and employee training
  • Responding to individuals' queries on personal data
  • Deleting personal data no longer required
  • Protecting personal data when transferring to foreign countries
  • Effectively Managing service providers handling personal data
  • Checking the Do Not Call (DNC) if organizations are involved in telemarketing
  • Ensuring company-wide PDPA awareness and communicating personal data protection policies, procedures and processes

Why should an organisation opt for PDPA Compliance?

Businesses demonstrating PDPA compliance in Singapore are treated with more respect and enjoy enhanced customer loyalty. It also creates a more trusting environment amongst employees, customers and other stakeholders. Singapore PDPA compliance can help businesses improve overseas market share and avoid regulatory penalties imposed by authorities.

Your vision, our mission.
Let's discuss

Contact Us
A Member Firm of Andersen Global
  • 170+ Countries
  • 390+ Locations
  • 13,000+ Professionals
  • 1800 + Global Partners
Contact Us

Need Assistance?

Get In Touch

We appreciate your interest in IMC and are eager to address your needs.

To ensure we address your needs accurately and promptly, please fill out this form. This will help us in identifying and connecting you with the appropriate team of experts in our organization.

We take pride in our responsiveness and aim to get back to you within a span of 1-2 business days. Your journey towards solutions starts here.

Companies we have worked with

Get updated by Signup
to our Newsletter!

Get Started

About

Locations

© 2023 IMC Group. All Rights Reserved.

Get Started

About

Locations

© 2023 IMC Group. All Rights Reserved.

Get Started

About

Locations

© 2023 IMC Group. All Rights Reserved.

Let's Talk