The Personal Data Protection Act (PDPA) was enacted in 2012 to govern the collection, usage or disclosure of personal data in Singapore This applies whether or not the organisation itself has a physical presence or is registered as a company in Singapore. Over the years, the Personal Data Protection Commission (PDPC) has stepped up enforcement, with the power to issue financial penalties of up to S$1,000,000. It is no longer an option to treat data protection as an afterthought.
If you are unsure as to what your organisation needs to do to comply with the PDPA, Yuen Law can guide and assist you in a number of ways. Beyond the legal drafting of privacy policies or data breach reporting under Singapore law, we also consult with and train your organisation to reach and maintain compliance. We can help you with a PDPA compliance audit and identify gaps in your policies and operational processes.
If your organisation works with large volumes of personal data such as marketing databases or collates large datasets involving personal information, your needs may be more specialised and acute. Especially when dealing with third-party intermediaries, you will require well-drafted contractual safeguards in the handling and transfer of your personal data to them. It will also be prudent to appoint a trained and competent Data Protection Officer (DPO). Depending on your organisational needs, this role may be outsourced. Where required, we conduct PDPA compliance training sessions for your DPO and key personnel.
Amendments to the Act passed in November 2020 has expanded the situations in which consent is deemed to have been given, for example where it is reasonably necessary to fulfil the contract. It also introduces new exceptions to the consent regime. At the same time, it sets out more offences for mishandling personal data and raises the financial penalties for breaches.
The Amendments also make it mandatory, in the event of a data breach, to notify both the affected individual and the PDPC.
Personal data protection laws will continue to be updated in time in light of societal changes and developments in technology, to continually tweak the balance between empowering businesses through data and protecting the rights of individuals.
Over the long term, businesses need to pay continued attention to PDPA matters as they continue to evolve.
Regardless of the size of your organisation or the type of business you are in, Yuen Law can help you with your PDPA obligations and data protection matters. Please contact us to make an appointment.