Search results
The Personal Data Protection Act (PDPA) provides a baseline standard of protection for personal data in Singapore. It complements sector-specific legislative and regulatory frameworks such as the Banking Act and Insurance Act. It comprises various requirements governing the collection, use, disclosure and care of personal data in Singapore.
- Data Protection Obligations
Data Protection Obligations. Get to know your organisation’s...
- Enforcement of The Act
The PDPC is empowered to investigate and enforce the PDPA...
- Exemption Requests
Exemption From Any Provision Under the PDPA. Any person or...
- Pdpc
PDPC promotes and enforces personal data protection to...
- Data Protection Obligations
The role of the DPO is to oversee data protection responsibilities and ensure compliance with the PDPA. What is the responsibilities of DPO? The responsibilities of a DPO include: To ensure compliance with PDPA when developing and implementing policies and processes for handling personal data;
- Accountability Obligation
- Notification Obligation
- Consent Obligation
- Purpose Limitation Obligation
- Accuracy Obligation
- Data Breach Notification Obligation
- Data Portability Obligation*
Undertake measures to ensure that organisations meet their obligations under the PDPA such as making information about your data protection policies, practices and complaints process available upon request and designating a data protection officer (DPO) and making the business contact information available to the public. Find out more about the Acc...
Notify individuals of the purposes for which your organisation is intending to collect, use or disclose their personal data.
Only collect, use or disclose personal data for purposes which an individual has given his/her consent to. Allow the individual to withdraw consent, with reasonable notice, and inform him/her of the likely consequences of withdrawal. Once consent is withdrawn, make sure that you cease to collect, use or disclose the individual’s personal data.
Only collect, use or disclose personal data for the purposes that a reasonable person would consider appropriate under the given circumstances and for which the individual has given consent. An organisation may not, as a condition of providing a product or service, require the individual to consent to the collection, use or disclosure of his or her...
Make reasonable effort to ensure that the personal data collected is accurate and complete, especially if it is likely to be used to make a decision that affects the individual or to be disclosed to another organisation.
In the event of a data breach, organisations must take steps to assess if it is notifiable. If the data breach likely results in significant harm to individuals, and/or are of significant scale, organisations are required to notify the PDPC and the affected individuals as soon as practicable.
At the request of the individual, organisations are required to transmit the individual’s data that is in the organisation’s possession or under its control, to another organisation in a commonly used machine-readable format. Exceptions may apply to the obligations above. For more information, please refer to Advisory Guidelines on Key Concepts in ...
Oct 7, 2022 · This article is a comprehensive guide to the Personal Data Protection Act (PDPA). It explains what is PDPA, who do not and must comply with the PDPA, and how to ensure compliance with the PDPA.
PDPC promotes and enforces personal data protection to foster an environment of trust among businesses and consumers, contributing to a vibrant Singapore economy.
Singapore Personal Data Protection Act 2012 (PDPA) is a law that governs the collection, use and disclosure of personal data by all private organisations. The Act has come into full effect on 2nd July 2014 and has been updated recently with new amendments that takes effect on 2 November 2020.
This article will provide you with the information necessary to ensure that your Singapore-operating company is compliant with the two applicable regulations — the Singapore Personal Data Protection Act (PDPA) and the European Union’s General Data Protection Regulation (GDPR).
