PDPA Singapore

Personal Data Protection Act of Singapore (PDPA), 2012: A Framework on Privacy and Data Security

The PDPA provides Singapore with an extensive legal regime around the collection, use, disclosure and storage of personal data. Passed in 2012, it protects an individual's right to privacy while allowing organizations to use data responsibly for their legitimate business purposes.

Key Obligations Under PDPA:

Consent Obligation

Organizations must obtain the individual's explicit consent before collecting, using, or disclosing personal data about that individual.

Purpose Limitation Obligation

Personal data may only be used for purposes which an individual would consider appropriate under the circumstances and the individual must be informed.

The Notification Obligation

When personal data is collected, used, or disclosed, the individual must be informed of the purpose.

Access and Correction Obligation

Within a set period after a request, organizations must give individuals access to their personal data and correct any inaccuracies.

Protection Obligation

An organization must make reasonable security arrangements to protect personal data against unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks.

Retention Limitation Obligation

Personal data should not be retained longer than necessary for legal or business purposes.

Transfer Limitation Obligation

Organizations transferring personal data outside Singapore must ensure the recipient provides a standard of protection comparable to that under the PDPA.

Data-Breach Notification Obligation

Organizations must notify the Personal Data Protection Commission (PDPC) and affected individuals when a data breach results in or is likely to result in significant harm.

Benefits of Compliance with the Personal Data Protection Act:

Building More Trust

Compliance with the PDPA will build trust among customers and stakeholders as they recognize that their personal data is handled responsibly by the organization.

Creating a Competitive Edge

Organizations that focus on protecting data differentiate themselves in the market and appeal to audiences for whom privacy is important.

Limited Legal Risk

Compliance with PDPA requirements reduces the chance of legal penalties and sanctions caused by non-compliance.

Greater Efficiency of Operations

A structured approach to data protection can lead to improved data management and operational processes.

CyberCube provides specialized services to help you meet your PDPA compliance goals:

DPO as a Service

Provision of experienced Data Protection Officers who will guide your company through the requirements of the PDPA.

Policy Development

Assistance in developing and implementing a comprehensive set of data protection policies that meet the needs of your business.

Compliance Audit

Conduct thorough reviews to locate and fix gaps in compliance.

Employee Training

Providing staff training in all aspects of PDPA obligations and best practices.

FAQs

PDPA Singapore is the country's baseline data protection legislation, which sets out how personal information can be collected, used and shared. We will help you understand how it relates to your operations so that you are not simply compliant but are also positioning yourself as trustworthy and responsible.

The law applies to almost all organizations, whether they are based locally or overseas, that deal with the personal data of individuals in Singapore. We make sure you understand whether the PDPA applies to you and help you clarify what your responsibilities are.

The PDPA has several core principles that must be followed, including accountability, consent, limited purpose, accuracy, protection, retention and breach notification. We help you operationalize all these obligations in a way that suits your organization.

We will help you every step of the way: conducting gap assessments, designing data protection policies, implementing consent strategies, responding to breaches and training your workforce. In other words, we build the system and create the culture that enable you to treat the PDPA as an opportunity to succeed.