What is Personal Data?
Personal data refers to information about an individual that can be used to identify them, either on its own or in combination with other data. Examples include names, NRIC, passport numbers, photographs, mobile telephone numbers, email addresses, residential addresses, thumbprints, and more.
Understanding the Personal Data Protection Act 2012 (“PDPA”)
Organisations today collect, use, and disclose personal data about individuals, including customers, employees, and stakeholders. The PDPA, enacted in 2012, regulates this process and applies to all organisations, whether or not they have a physical presence in Singapore.
The Personal Data Protection Commission (“PDPC”) has the authority to impose financial penalties for non-compliance, making it crucial for organisations to comply with data protection laws.
Our Personal Data Protection Services for Organisations
Yuen Law provides comprehensive services to ensure your organisation complies with the PDPA, including:
1. Privacy Policies & Framework Development
We draft privacy policies, establish governance structures, and set up breach reporting protocols.
2. Data Protection Training & Awareness
We provide training to ensure your staff understands their obligations under the PDPA.
3. PDPA Compliance Audits and Gap Assessments
We conduct audits to identify gaps in your data protection policies and recommend improvements.
4. Data Protection Officer (“DPO”) Support Services
We assist with your organisation’s data protection responsibilities, including handling inquiries and managing personal data breaches.
5. Data Breach Incident Response Management
We guide your organisation through data breach incidents, ensuring compliance and minimizing risks.
Appointment of DPO
Under the PDPA, companies are required to appoint a Data Protection Officer (DPO). We offer trained professionals to assist in this role, ensuring compliance with data protection laws.
Contact Us
Regardless of the size of your organisation or the type of business you are in, Yuen Law can help you with your PDPA obligations and data protection matters. Please contact us to make an appointment.
FAQ
No, it is not mandatory to register your DPO with ACRA. However, it is mandatory for every organization to appoint a DPO and make their business contact information publicly available. While the government encourages companies to register their DPO via ACRA’s Bizfile+ platform, you can also fulfil this requirement by listing the DPO’s contact details on your company’s website or other public platforms.
In the Bizfile+ lodgement form, you are required to provide the following details of your DPO:
- Name of DPO
- Designation
- Contact Number
- Business Email Address
- Company Mainline
1. Go to Bizfile+.
2. Select “Register/update DPO”.
3. Enter the required details.
4. Click confirm to submit DPO details.
A DPO is typically part of senior management or reports directly to leadership, with the necessary skills and knowledge to oversee and implement data protection policies. If your organization doesn’t have the internal expertise for this role, you may choose to outsource it to qualified professionals.
Even if you have complied with the PDPA in Singapore, you are still required to comply with the General Data Protection Regulation (GDPR) if you collect or process the personal data of European residents. This obligation holds true regardless of whether your organization has a physical presence in Europe.
While both the PDPA and GDPR share similar principles, the GDPR generally imposes more stringent requirements.
The Do Not Call (DNC) Registry in Singapore lets individuals opt out of unsolicited marketing calls, SMS, and faxes. Businesses must check the registry and get explicit consent before sending marketing messages to registered numbers.