PDPA Regulations For Businesses In Singapore
The Personal Data Protection Act (PDPA) governs data privacy in Singapore. Based on other regulations and standards such as the former United Kingdom Data Protection Act and the Asia-Pacific Economic Cooperation (APEC) Privacy System, the PDPA was signed into law in October 2012 and introduced in four distinct phases over the next two years to allow companies plenty of time to comply. The last of these stages was launched on 2 July 2018 and has since been in effect.
The law lists nine core PDPA obligations beyond the DNC which companies must satisfy while gathering, analyzing, and reporting data. These include:
An individual must be asked for permission to collect, process or disclose their data.
Similar to GDPR’s “Right to Be Forgotten,” individuals may withdraw their consent at any time and organizations must comply with that withdrawal.
Businesses shall only collect and/or disclose personal details of an individual for the particular reason for which the individual has consented.
The business must notify individuals of its intentions in gathering, using or disclosing the data.
4: Access and correction
Similar to data subject access requests, people are entitled to inquire which data the company holds or controls. They may also ask for information on how the data was used or published in the past year.
Organizations are legally obliged to comply with these demands and to correct any mistakes or omissions unless it is appropriate not to do so.
Businesses must make every reasonable effort to ensure that the personal data they collect is accurate and complete when that data is used to make decisions that affect the individual to whom the data relates, or when that data is to be disclosed to another organization.
To secure any sensitive data that is obtained, appropriate protection measures must be put in place. These must include, where applicable, technical, organizational, and any other measures.
Organizations must hold personal data only for as long as it is required to execute commercial or legal functions.
If personal data is shared abroad, including being processed with overseas-based cloud providers, then the transfer must follow strict criteria laid down by the PDPA.
Organizations must provide public information about the practices and processes they use to ensure compliance with the PDPA.
If you’re familiar with GDPR when it comes to data security rights, you’ll no doubt find parallels between the two regulations. This, of course, provides room for streamlining regulatory initiatives, which can lead to long-term cost reductions and greater productivity.
A data protection consultancy can help you identify the key areas for such simplification.
To find out how you can grow your business while ensuring that you meet your PDPA obligations, visit https://thegenia.com.