PDPA Regulations For Businesses In Singapore


The Personal Data Protection Act (PDPA) governs data privacy in Singapore. Based on other regulations and standards such as the former United Kingdom Data Protection Act and the Asia-Pacific Economic Cooperation (APEC) Privacy System, the PDPA was signed into law in October 2012 and introduced in four distinct phases over the next two years to allow companies plenty of time to comply. The last of these stages was launched on 2 July 2018 and has since been in effect.

Data Protection Obligations

Beyond the DNC, the law lists nine core PDPA obligations that companies must satisfy while gathering, analyzing, and reporting data:

1: Consent

An individual must be asked for permission to collect, process or disclose their data.

Similar to GDPR’s “Right to Be Forgotten,” individuals may withdraw their consent at any time and organizations must comply with that withdrawal.

2: Purpose

Businesses shall only collect and/or disclose an individual's personal details for the particular purpose to which the individual has consented.

3: Notification

The business must notify individuals of the purposes for which it intends to gather, use or disclose their data.

4: Access and correction

Similar to data subject access requests, people are entitled to ask which of their data the company holds or controls. They may also ask for information on how the data was used or published in the past year.

Organizations are legally obliged to comply with these requests and to correct any mistakes or omissions unless it is appropriate not to do so.

5: Accuracy

Businesses must make every reasonable effort to ensure that the personal data they collect is accurate and complete when that data is used to make decisions that affect the individual to whom the data relates, or when that data is to be disclosed to another organization.

6: Protection

To secure any sensitive data that is obtained, appropriate protection measures must be put in place. These must include, where applicable, technical, organizational, and any other measures.

7: Retention

Organizations must hold personal data only for as long as it is required for commercial or legal purposes.

8: Transfer

If personal data is shared abroad, including when it is processed by overseas-based cloud providers, the transfer must follow strict criteria laid down by the PDPA.

9: Openness

Organizations must provide public information about the practices and processes they use to ensure compliance with the PDPA.

If you're familiar with GDPR when it comes to data security rights, you'll no doubt find many parallels between the two regulations. This, of course, provides room for streamlining regulatory initiatives, which can lead to long-term cost reductions and greater productivity.

Data protection consultancy can help you identify the crucial areas for such streamlining.

To find out how you can grow your business while ensuring that you meet your PDPA obligations, visit https://thegenia.com.