Privacy Ninja




The 11 obligations under PDPA and data protection


When organizations collect, use, or disclose anyone's personal data, they must follow the obligations set out in the Personal Data Protection Act (PDPA). Failure to observe these obligations is a breach of the Act's provisions and could result in a fine of up to S$1,000,000. The following are the 11 obligations under the PDPA for organizations that handle data:

1. Accountability Obligation

Organizations must take steps to ensure that they are meeting their obligations under the PDPA, such as providing information about their data protection policies, practices, and complaints process upon request, appointing a data protection officer (DPO), and making business contact information available to the public.

Organizations should be willing to provide information about their data protection methods, policies, and complaint processes to anybody who asks.

For example, your organization's privacy policy may declare that anyone who wants to learn more about the organization's data protection practices can contact its data protection officer. It could also provide a way for such persons to contact that officer.

2. Notification Obligation

Organizations are required to advise individuals of the objectives for which their personal data will be collected, used, or disclosed.


3. Consent Obligation

Organizations are only permitted to collect, use, or disclose personal data for purposes to which an individual has consented.

Furthermore, organizations must allow individuals to withdraw consent with reasonable notice and notify them of the possible implications of doing so. When consent is revoked, ensure that you stop collecting, using, or disclosing the individual’s personal data.

4. Purpose Limitation Obligation

Organizations may only collect, use, or disclose personal data for purposes that a reasonable person would consider appropriate under the circumstances and for which the individual has given consent.

An organization may not, as a condition of providing a product or service, force an individual to agree to the collection, use, or disclosure of his or her personal data beyond what is necessary to offer that product or service.

5. Accuracy Obligation

Organizations must make a reasonable effort to ensure that the personal data collected is accurate and complete, especially if it will be used to make a decision that affects the individual or is disclosed to another organization.


6. Protection Obligation

To prevent unauthorized access, acquisition, use, disclosure, or other threats to personal data in an organization’s control, reasonable security mechanisms must be put in place.

7. Retention Limitation

Organizations must stop retaining personal data, or dispose of it properly, when it is no longer required for any commercial or legal reason.

8. Transfer Limitation Obligation

Organizations may transmit personal data to another country only in accordance with the legislation, to guarantee that the quality of protection is similar to that provided by the PDPA, unless exempted by the PDPC.

9. Access and Correction Obligation

Organizations must offer individuals access to their personal data as well as details on how the data was used or disclosed during the previous year upon request.

Organizations must also correct any errors or omissions in the individual’s personal data as soon as possible and send the corrected data to other organizations to which the personal data was disclosed (or to selected organizations to which the individual has consented) within a year of the correction.


10. Data Breach Notification Obligation

In the case of a data breach, organizations must determine if it is notifiable. If a data breach is likely to cause significant harm to individuals and/or is on a large scale, organizations must notify the PDPC and the affected individuals as soon as possible.

11. Data Portability Obligation

Organizations are expected to communicate the individual’s data that is in their custody or under their control to another organization in a generally used machine-readable format upon the individual’s request.
