Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Proposed changes to Singapore’s data protection law seek stiffer penalties for info leaks

Stricter Laws For PDPA (Personal Data Protection Act) is coming!

SINGAPORE – In case of a data breach, organisations may soon be slapped with fines of up to 10 per cent of their annual gross turnover, or $1 million, whichever is higher, if proposed amendments to Singapore’s Personal Data Protection Act go through.

Currently, companies are liable for a fine of only up to $1 million, but the authorities are seeking stronger deterrents for data breaches.

The stricter penalty will be aligned with the law in other jurisdictions, such as the European Union, said the Ministry of Communications and Information (MCI) and privacy watchdog Personal Data Protection Commission (PDPC) in their fourth public consultation exercise to amend the Act on Thursday (May 14).

The EU’s General Data Protection Regulation, for instance, provides a revenue-based maximum financial penalty of 4 per cent of an entity’s global annual turnover, or €20 million (S$30.7 million), whichever is the higher.

Slapping potentially higher fines in Singapore is among a list of proposed amendments to the draft Personal Data Protection (Amendment) Bill.

Other key proposed amendments on which the authorities are inviting feedback include mandating organisations to notify PDPC of a data breach that involves 500 or more individuals, or that is likely to result in harm to affected individuals, as well as to notify the affected individuals themselves.

Individuals will also be able to ask for a copy of their personal data to be transmitted to another organization under a new Data Portability Obligation so that users can switch service providers easily.

This draft Bill also includes related amendments to the Spam Control Act (SCA), which has been in force since 2007. The SCA, for example, will be amended to cover commercial text messages sent in bulk to instant messaging accounts, such as WhatsApp and Facebook Messenger, to protect users from unsolicited messages. You can also read our full DNC guide to understand better.

If an individual discloses personal data in the possession or control of an organisation, he shall also be guilty of an offence, and could be fined up to $5,000 or jailed for up to two years, or both. Such penalties will align with the public sector’s internal rules for public officers who mishandle Government data.

PDPC deputy commissioner Yeong Zee Kin said in a statement that the public’s trust in organisations’ management of their data is “especially important” when digital services such as e-commerce are becoming increasingly prevalent. This comes as the digital economy generates a large amount of data, including in recent weeks when many activities have moved online, he said.

“The amendments… will support our organisations’ efforts as they transform and grow in the digital economy to better serve consumers,” he added.

The public consultation on MCI’s website ends on May 28 at 5pm.


What SMEs Need To Take Note About The Potential Change to PDPA Law?


We feel that the PDPA law will definitely become stricter. With so many pdpa breaches happening every month, many SMEs still did not appoint a DPO and are not PDPA Compliant at all!

Singapore government is actively reviewing the existing PDPA obligations to ensure organizations adhere to data protection best practices. Once the proposed bill has been effected, businesses that have yet to implement any data protection measures, policies and processes will find it even harder to comply.

Many SME owners have the mentality that they are “small” and that they won’t appear on the government’s radar; that the focus is only on the big boys. This is wrong because statistically, most of the enforcement cases are actually of small companies being fined sums up to SGD $20,000 and more.

Contact us if you have any questions on PDPA or need help on data protection matters! You could drop us an email at [email protected] or click the link below:



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us