pdpa Singapore

Singapore’s PDPA and data privacy regime 

The Personal Data Protection Act (PDPA) of Singapore came into effect in 2014. Then, it was amended in the year 2020 to include, other additions and changes to its consent framework. So that user protection can be strengthened and tighten the requirements for websites, organizations, and companies.

Singapore was one of the first countries to implement a law for data privacy that not only protects the collection and processing of personal data in the territory but also puts an enforceable duty on organizations to include websites, individuals, companies, and more, located anywhere in the world. The PDPA has drafted in 2012 itself and completely erected in 2014, also called a so-called ‘spam law, establishing the Do Not Call Registry. It can be used by Singaporeans to opt out of unsolicited marketing.

Who has exempted from the PDPA? All the personal data that have entered into a business contract, personal data over 100 years old, and personal data about a person who has been dead for more than ten years. Unlike the EU’s GDPR, the PDPA of Singapore doesn’t make a special category of sensitive personal data.

  • Singapore’s PDPA regulations 

The PDPA of 2014, states the practical aspect of how organizations and websites are expected to set up their compliance for PDPA.

In short, the PDPA regulations do-

  • Specify that requests to correct or gain access or to dissent from further personal data collection must be made by users in writing.
  • Clarify that companies, organizations, and websites getting requests from users must respond within 30 days.
  • Make it clear that the organization charges a payment when there’s an exchange for processing petitions from the users.
  • Illustrate the regulations around international transfers of personal data outside of the country.
  • Singapore PDPA amendment of 2020- 

On 2nd November, the parliament of Singapore passed an amendment bill to the PDPA (Personal Data Protection Act). While the amendment awaits royal assent to become completely effective, the alterations to the pdpa Singapore with websites and grace period will need to straight away comply just after the amendment.

The updated PDPA amendment includes-

  • Deemed consent by notification

This amendment includes broadening the framework around deemed consent to include a need to instruct users of new objectives for the compilation and facilitates users to opt-out.

  • Mandatory Data breach notification 

Requiring companies, organizations, and websites to notify users and the PDPC of data breaches within three days. Contact Assure Safety and get one of the best ISO consultants to support your business and prove that your company keeps compliance with the standards of ISO Management.

  • The exception to consent for legitimate interest 

Companies can rely on the exception given by legitimate interest to collect, make use of or disclose personal data, but must follow the advisory of PDPC guidelines to do so.

  • Increased financial penalties 

Increase the non-compliance fine with PDPA to 10% of the yearly turnover of the company with a turnover above $10 million or $1 million.

  • New data portability right 

The users in Singapore will be capable of having collected data made transferable and portable to other organizations upon request.