Importance of information Privacy Compliance in Singapore

Data Privacy Insights > Posts > Asia > Importance of information Privacy Compliance in Singapore
PDPC Singapore
by Naina Mathur


The Singapore PDPA has come to effect on July 2, 2014. It collects, uses, and discloses personal data from Singapore. It applies to each organization that is located in any place in the world that handles personal data from users located inside the territory of Singapore. It empowers users in Singapore with the right to give and revoke consent to the processing of their data. The right to access personal data which is collected and to correct inaccurate personal data. It also defines consent as an informed action on a part of the user, either affirmatively or deemed data concerning an individual who can be identified from that data or from other data that is accessible to a corporation. The PDPC has determined that certain kinds of personal data are more sensitive and require a higher standard of protection.

• The Personal Data Protection Commission (PDPC) as its main authority, with responsibilities of enforcementsupervisiondata privacy consultancy, and government advisory.

• It prohibits transfers of personal data outside Singapore jurisdiction unless the place of transfer ensures the same level of data protection as under the Singapore PDPA.

• PDPA was amended in 2020 to include mandatory data breach notifications and a data deemed consent framework, exceptions to consent for legitimate interests, it’s also increased financial penalties for non-compliance and a new right to data portability for users inside Singapore.

Importance of Data Privacy

The importance of data protection and the central role performed by a DPO should come from the very prime of an organization and need to be this might enterprise risk management frameworks. this might be part of the board of directors and C-level executives to be made cognizant of the risks of a data breach. In the case of  Re M Stars Movers & provision Specialist Pte Ltd[1] . The organization is additionally needed to create to offer business in contact for information of an individual who will respond to queries concerning the collection, use, or disclosure of personal data on behalf of the organization under the Notification Obligation. The concerned person may additionally be designated as DPO  whereas there’s no requirement that such an individual must be located in Singapore, to facilitate prompt responses to queries or complaints, the PDPC recommends as good practice that the business contact information of this person should be readily accessible from Singapore, operational during Singapore business hours and if telephone numbers are used, they should be Singapore telephone numbers.

In terms of the choice of DPO, the PDPC has declared that the DPO needs to be appointed from the ranks of senior management and be amply empowered to perform the tasks that are assigned to him or her. If the DPO isn’t one among the C-level executives, the DPO should have a minimum of an immediate line of communication with them. This level of access and authorization will provide the DPO with the required wherewithal to perform his/her role and attain his/her functions. In Re M Stars Movers & logistics Specialist Pte Ltd.

The PDPA is an effort to balance the privacy rights of individuals with the rights and requirements of businesses to use the personal data of those individuals for legitimate reasons. The personal data of GDPRis similar to Singapore that treats that personal data differently from Europe.

 GDPR and PDPA class personal data as anything that identifies or could establish an individual. However, there’s a notable difference within the method that may apply to its data.

Under GDPR, there are one set of rules governing the collection, use, and disclosure of all personal dataincluding general data types which contains a person’s name, address, or contact details. The second set of rules concerning sensitive personal data, or what it calls special category data.

The Information Commissioner’s Office (ICO) has a list of all the data information types that are classed as special category data,  this applies to things like biometric data (fingerprints, etc), genetics, and health records. PDPA, meanwhile, doesn’t differentiate between categories of dataso biometric data is treated every bit the same as someone’s address or number.

PDPA also considers the following to be types of personal data.

• A person’s voice (such as that captured in a recording)

• photographs or video footage of an individual

• DNA profile

• National Registration identity card (NRIC) number.


PDPA is a complicated regulation designed to make sure the protection of individuals’ fundamental rights associated with the collection, processing, and disclosure of their data. Organizations ought to develop strategies and have in place security measures to prevent thefts or data breaches. Non-compliance to the Regulation or incident of a data breach can lead to penalties. Hence, organizations have to be compelled to have a transparent understanding of the data protection obligations under the PDPA regulations. Consult and collaborate with an expert Cyber Security consulting company to reduce the hindrance in compliance.

[1] Re M Stars Movers & provision Specialist Pte Ltd  [2017] SGPDPC 15).

Want to become Data Privacy Compliant ?

Place your request for getting the best data privacy product & service quotes

Leave a Reply

Your email address will not be published. Required fields are marked *