On May 25, 2018, the General Data Protection Regulation (GDPR Singapore) went into effect. The GDPR Singapore will apply to any organisation established outside of the EU that offers goods or services to EU citizens or monitors their behavior within the EU.
The PDPC has created a factsheet on the GDPR Singapore that highlights the key GDPR Singapore requirements.
The GDPR Singapore may apply to Singaporean organisations that provide goods or services to individuals in the EU (whether or not payment is required) or monitor the behaviour of individuals in the EU.
For example, presenting a version of your organization’s website in an EU Member State’s vernacular language, publishing prices of products or services in Euros or the currency of an EU Member State, and offering to ship goods to any EU Member State may constitute offering goods to individuals in the EU.
If an organisation targets individuals in the EU in this way, it may be required to appoint a European representative if it processes data on a large scale (rather than just occasionally) or if it processes any special categories of personal data as defined in GDPR Articles 9(1) and 10.
Compliance with the PDPA does not necessarily imply compliance with the GDPR Singapore, as the two regimes have different requirements.
The European Commission has issued guidance on how to comply with the GDPR Singapore. Organizations may refer to European regulators’ resources on GDPR Singapore requirements or seek professional legal advice on GDPR Singapore compliance where necessary.
The PDPC’s factsheet on the GDPR Singapore, which highlights the key GDPR Singapore requirements, may be useful for organisations’ information. The factsheet can be found here.
The following scenarios demonstrate when GDPR Singapore is likely or unlikely to apply to personal data processing:
Data protection has never been this robust with the implementation of GDPR Singapore and the PDPA. With these laws working together to ensure personal data is safe and managed well by organisations in Singapore, the instances of breaches are further minimized and prevented for the benefit of any individual entrusting their personal information to these organisations.
To ensure compliance, organisations that do not have an in-house Data Protection Officer (DPO) can opt to hire an outsourced one like Privacy Ninja, who also caters to Singapore entities that follow their HQ’s GDPR. It is important that each organisation has a DPO, not just because it is mandated but also to ensure that no stone is left unturned when it comes to data protection compliance.