Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

How To Comply With PDPA: A Checklist For Businesses

how to comply with pdpa
Singapore organisations have an obligation to ensure that personal data under their management must be safeguarded. Read on for more information on how to comply with PDPA.

How To Comply With PDPA: A Checklist For Businesses

Read on for more information on how to comply with PDPA, because Singapore organisations have an obligation to ensure that personal data under their management is safeguarded.

✍️ It all starts with a basic overview and understanding of the PDPA provisions. As they say, ignorance of the law excuses no one. Let Privacy Ninja’s PDPA Consultancy & Training provide you with the knowledge as well as steps on how it may be applied to the organisations for compliance. Get started today.

At the recent Singapore Budget 2021 presentation, cybersecurity has been highlighted – yet again – as among the emerging technologies that will benefit from the government’s SG$24 billion (US$18.1 billion) funding. Undoubtedly, organisations stand to gain from the government’s efforts to tighten cybersecurity measures. However, these also serve to remind them of their own obligations to protect personal data under their management.

With the unprecedented growth in data-centric technologies plus digitalisation in general, there is also a rapid growth in the amount of personal data collected and processed in Singapore and beyond.

In Singapore, it is mandatory for companies to obtain an individual’s consent before they can collect, use, or disclose any personal information pertaining to that individual. The Personal Data Protection Act (PDPA) hinges on two key pillars for safeguarding consumers: the Do Not Call (DNC) Registry and general data protection provisions. As a business operating in Singapore, it is your duty to understand the scope of this regulation and its potential impact on your firm’s operations.

PDPA Amendment Act 2020

In November 2020, the timely Personal Data Protection (Amendment) Bill 2020 was passed. This seeks to:

  • bolster the accountability of organisations
  • recalibrate the balance between individual’s consent and organisational accountability to leverage data for relevant and legal purposes
  • allow greater consumer freedom over their own personal data, and
  • enhance the effectiveness of enforcement efforts by the Personal Data Protection Commission (PDPC).

These amendments to the PDPA couldn’t have come at a better time. In the swift-changing landscape of the digital economy, Singapore’s personal data protection laws are brought up-to-date and are aligned with international standards like the GDPR.

Also Read: 4 Considerations In The PDPA Singapore Checklist: The Specifics

how to comply with pdpa
For Singapore businesses, learning how to comply with PDPA is no longer just nice to have, but a necessity.

Personal data – a refresher

Under the PDPA, “personal data” is defined as: (a) data about a person who can be identified from that data itself, or (b) data about a person who can be identified from that data and other details to which your business has or likely to have access.

Check out examples of personal data that can, on its own, identify an individual:

  • Biometric identifiers (e.g. face geometry or fingerprints)
  • Name and NRIC number
  • Photograph or video image of a person
  • Voice of a person
  • DNA profile

It should also be noted that the PDPA safeguards, to a limited capacity, the personal data of individuals who have been deceased for less than 10 years. For such personal data, only the provisions pertaining to the disclosure and safeguarding of personal data will apply.

✍️ Under the PDPA, it is mandatory for all businesses in Singapore to appoint a Data Protection Officer (DPO). Do you know that you can outsource your DPO? Let us know how we can help you in this area, so you can focus on growing your business. Get started today.

Also Read: The 3 Main Benefits Of PDPA For Your Business

Why is it crucial to learn how to comply with PDPA?

While it is true that compliance with PDPA helps keep hefty fines at bay in the event of a breach, there’s more to this than merely preventing your cashflow from getting disrupted:

  1. When your business demonstrates compliance, there’s a higher chance that you will gain customer loyalty.
  2. You cultivate trust among stakeholders which include your customers, employees, and other relevant profiles in your organisation’s community.
  3. PDPA compliance can help to lower the risk of a data breach, and reduce the impact should a breach really happen.

Your checklist on how to comply with PDPA

Does your business regularly collect personal data? If the answer is yes, the following checklist is a must-have for your organisation, to keep track of your compliance with the PDPA provisions:

  1. What personal data is being taken – this is to comply with the Protection Obligation. Being privy to the different kinds of personal data being taken by your organisation will allow you to have a better view of the kind of protective measures required and check if the intentions for collecting such data are best fulfilled by the data collection.
  2. Why such personal data is being collected – this is to comply with the Purpose Limitation Obligation and Retention Limitation Obligation
  3. Who is collecting the personal data – this is to comply with the Consent Obligation and Notification Obligation. In the collection process, only authorised staff who have received sufficient training in PDPA compliance should be participating.
  4. Where the personal data is stored – this is to comply with the Protection Obligation.
  5. Who receives the personal data being collected – this is to comply with the Access and Correction Obligation and Protection Obligation. Businesses in Singapore are required by law to provide access to an individual’s personal data if requested by that individual. However, before doing so, it is your duty to verify the identity of the individual. For instance, by asking for relevant identification documents before giving such access. This, in turn, would prevent unintended leaks of personal data.

In an era of rapid digitalisation, consumers are more empowered than ever to know the value of their personal data. They are also in a better position to demand its safekeeping and management.

If you need more information on how your organisation can achieve full PDPA compliance, we at Privacy Ninja are here to help! Simply drop us a note and our best consultants will reach out to you.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us