Singapore’s New Data Protection Act: What You Need to Know

Date:

Share post:

Introduction

On November 2, 2020, Singapore’s Personal Data Protection Commission (PDPC) introduced the Personal Data Protection Act (PDPA), which replaced the Personal Data Protection Act 2012. The revised Act aims to strengthen data protection in Singapore and provide greater safeguards for individuals whose personal data is collected, used, and disclosed by organizations. In this article, we will explore the key changes and requirements under the new PDPA and what you need to know to comply with the new regulations.

Key Changes and Requirements

The revised PDPA introduces several key changes and requirements for organizations that handle personal data in Singapore. Some of the notable changes include:

  • Broader Definition of Personal Data: The PDPA now defines personal data to include any data that can identify an individual, including biometric data, genetic data, and online identifiers. This expanded definition means that organizations must take extra precautions to protect a wider range of data types.
  • Enhanced Notification Requirements: Organizations are now required to provide clear and concise notifications to individuals whose personal data they collect, use, or disclose. This includes obtaining explicit consent, providing clear and transparent information about the purposes of data collection, and allowing individuals to withdraw consent at any time.
  • Strengthened Data Security Requirements: The PDPA now requires organizations to implement robust data security measures to prevent unauthorized access, disclosure, or loss of personal data. This includes implementing appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data.
  • Increased Fines and Penalties: The PDPA introduces stiffer fines and penalties for non-compliance, with a maximum fine of SGD 1 million and/or imprisonment of up to 10 years for serious breaches. This emphasizes the importance of data protection and encourages organizations to prioritize compliance.
  • New Obligations for Data Intermediaries: The PDPA introduces new obligations for data intermediaries, such as data brokers and online services providers, to ensure that they handle personal data in accordance with the PDPA’s requirements. This includes providing clear and transparent information about the purposes of data collection and ensuring that individuals can exercise their rights under the PDPA.

What You Need to Do to Comply

To comply with the new PDPA, organizations in Singapore must:

  • Conduct a Data Mapping Exercise: Identify and map all personal data held by the organization, including the types of data collected, the sources of the data, and the purposes for which the data is used.
  • Review and Update Data Handling Practices: Review and update data handling practices to ensure compliance with the PDPA’s requirements, including obtaining explicit consent, providing clear and transparent information, and ensuring data security.
  • Develop a Data Protection Policy: Develop a data protection policy that outlines the organization’s commitment to data protection, its data handling practices, and its procedures for handling personal data breaches.
  • Provide Training to Employees: Provide training to employees on the PDPA’s requirements and their roles and responsibilities in ensuring data protection.
  • Implement Data Security Measures: Implement robust data security measures to prevent unauthorized access, disclosure, or loss of personal data, including encryption, firewalls, and access controls.
  • Be Prepared for Data Breach Notifications: Be prepared to notify the PDPC and affected individuals in the event of a personal data breach, and have procedures in place for responding to and investigating data breaches.

Conclusion

The revised PDPA marks a significant milestone in Singapore’s data protection regime, introducing stricter requirements and stronger penalties for non-compliance. To ensure compliance, organizations in Singapore must be proactive in reviewing and updating their data handling practices, developing a data protection policy, providing training to employees, and implementing robust data security measures. By understanding the key changes and requirements under the new PDPA, organizations can better protect the personal data of individuals in Singapore and avoid the risks associated with non-compliance.

FAQs

Q: What is the scope of the PDPA?
A: The PDPA applies to all organizations that collect, use, or disclose personal data in Singapore, including businesses, government agencies, and non-profit organizations.

Q: What is considered personal data under the PDPA?
A: Under the PDPA, personal data includes any data that can identify an individual, including biometric data, genetic data, and online identifiers.

Q: What are the penalties for non-compliance with the PDPA?
A: The PDPA introduces stiffer fines and penalties for non-compliance, with a maximum fine of SGD 1 million and/or imprisonment of up to 10 years for serious breaches.

Q: What are the key changes introduced by the revised PDPA?
A: The revised PDPA introduces several key changes, including a broader definition of personal data, enhanced notification requirements, strengthened data security requirements, increased fines and penalties, and new obligations for data intermediaries.

Q: What are the next steps for organizations in Singapore?
A: To comply with the new PDPA, organizations in Singapore must conduct a data mapping exercise, review and update data handling practices, develop a data protection policy, provide training to employees, implement data security measures, and be prepared for data breach notifications.

Q: Who is responsible for enforcing the PDPA?
A: The Personal Data Protection Commission (PDPC) is responsible for enforcing the PDPA and investigating data breaches.

Q: How can individuals make a complaint to the PDPC?
A: Individuals can make a complaint to the PDPC by submitting a complaint form to the PDPC’s website or by contacting the PDPC directly.

Q: What is the PDPA’s impact on businesses in Singapore?
A: The PDPA’s impact on businesses in Singapore is significant, as it requires organizations to take a proactive approach to data protection and ensures greater transparency and accountability in data handling practices.

Angela Lee
Angela Lee
Director of Research

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

- Advertisement -spot_img
- Advertisement -spot_img

Related articles

Government and Regulations Headlines

Government and regulations play a crucial role in shaping the...

Amicorp Rejects 1MDB’s $1 Billion Asset Recovery Claim

Amicorp Rejects 1MDB's $1 Billion Claim, Vows to Defend Itself in Court Amicorp Denies Wrongdoing Amicorp Group has rejected 1Malaysia...

The Future of Southeast Asian Trade: Singapore’s Role in Regional Expansion

As the world's economies continue to evolve and global trade becomes increasingly complex, Southeast...