The European Union General Data Protection Regulation (EU GDPR) entered into force on 25 May 2018. The EU GDPR articles will apply to an organisation established outside of the EU, so long as the organisation offers goods or services to individuals in the EU, or monitors their behavior within the EU.
The PDPC has developed a factsheet on the EU GDPR articles which highlights the key requirements of the EU GDPR articles.
The EU GDPR articles may apply to organisations in Singapore if they offer goods or services (whether or not payment is required) to individuals in the EU or monitor the behavior of individuals in the EU.
For example, presenting a version of your organisation’s website in the vernacular language of a EU Member State, publishing the price of products or services in Euros or the currency of a EU Member State (e.g. Swedish krona or Danish krone), and offering to ship goods to the EU Member State, may amount to offering goods to individuals in the EU.
If an organisation is targeting individuals in the EU in this sense, it may be required to designate a European representative if it processes data on a large scale (i.e. not just occasional processing) or if it processes special categories of personal data as defined in Articles 9(1) and 10 of the GDPR.
Compliance with the PDPA does not necessarily mean the organisation is in compliance with the EU GDPR articles as there are differing requirements under the two regimes.
The European regulators have provided guidance on how to comply with the EU GDPR articles. Organisations may refer to the resources issued by the European regulators on the EU GDPR articles requirements, or seek professional legal advice on compliance with the EU GDPR articles where necessary.
PDPC’s factsheet on the EU GDPR articles, which highlights the key requirements of the EU GDPR articles, may be useful for organisations’ information.
The following scenarios illustrate when EU GDPR articles is likely or unlikely to apply to the processing of personal data:
Also read: Privacy policy template important tips for your business
The contents herein are not intended to be an authoritative statement of the law or substitute for legal or other professional advice. The scenarios are intended to illustrate how organisations in Singapore may be impacted by the EU GDPR articles. It does not provide an interpretation of the EU GDPR articles. Please refer to the EU GDPR articles text and the resources issued by the European regulators on the interpretation of the EU GDPR articles. Where further assistance is required, organisations may wish to seek professional legal advice to ensure compliance with the EU GDPR articles.
Also read: 12 brief explanation about the benefits of data protection for business success
Importance of Efficient Access Controls that every Organisation in Singapore should take note of. Enhancing…
Prioritizing Security Measures When Launching a Webpage That Every Organisation in Singapore should take note…
Importance of Regularly Changing Passwords for Enhance Online Security that every Organisation in Singapore should…
Comprehensive Approach to Data Protection and Operational Integrity that every Organsiation in Singapore should know…
Here's the importance of Pre-Launch Testing in IT Systems Implementation for Organisations in Singapore. The…
Understanding Liability in IT Vendor Relationships that every Organisation in Singapore should look at. Understanding…
This website uses cookies.