Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

PDPA compliance for real estate agencies

PDPA compliance for real estate agencies
PDPA compliance for real estate agencies

When organizations in Singapore, such as real estate agencies, collect, use, or disclose an individual’s personal data, they must comply with the terms of the PDPA unless they are in the course of acting on behalf of a public agency or face a substantial penalty.

PDPA compliance for real estate agencies in Singapore

Not all data collected by real estate agencies constitute personal data. As defined in the Advisory Guidelines For The Real Estate Agency Sector of 2014, personal data is data, whether true or not, about an individual who can be identified: a) from that data, or b) from that data and other information to which the Organization has or is likely to have access. Thus, when an individual cannot be identified from the said data, the PDPA does not generally apply.

Thus, when the types of personal data that are typically collected by the estate agent(s) or salesperson(s), that may include, but are not limited to, the full name, NRIC number, marital status, contact details, and residential addresses of the client(s) and/or other parties to the transaction, does not identify a specific person, it is not considered as personal data.

PDPA compliance for real estate agencies

PDPA compliance for real estate agencies: Consent and Notification Obligations

According to the 2014 Advisory Guidelines For The Real Estate Agency Sector, whenever an organization undertakes activities relating to the collection, use, or disclosure of personal data, they must obtain consent from individuals and notify them for such collection, use, and disclosure of personal data, unless exceptions apply.

The PDPC does not indicate any precise method of collecting consent from persons in the new recommendations for PDPA compliance for real estate agencies. It is up to the Organization to determine how they acquire it.

PDPA compliance for real estate agencies: Application of the Do Not Call Provision

PDPA compliance for real estate agencies

Under the Do Not Call provision of the PDPA, organizations cannot send specified messages to the individual’s telephone or mobile number registered in the Do Not Call Registry. Otherwise, such Organizations will face a hefty fine. 

Under the Do Not Call Provision, these specified messages are messages with a purpose to offer to supply, advertise or promote goods or services, land or an interest in land, or a business or investment opportunity, or a supplier of such goods, services, land or opportunity.

However, there are exceptions to this rule. If the recipient gave the consent for the unspecified message, or if such message is a specified one, the Organization is exempted from complying with its obligation under the Exemption Order. 

Under the Exemption Order, if there exists an “ongoing relationship” between the sender and a recipient, the Organization is exempted from the requirement to check the relevant Do Not Call Registers. 

An “ongoing relationship” under the Exemption Order means a relationship which is on an ongoing basis, between a sender and a subscriber or user of a Singapore telephone number, arising from the carrying on or conduct of a business or activity (commercial or otherwise) by the sender.

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

PDPA compliance for real estate agencies

Hiring a Data Protection Officer (DPO) and PDPA compliance for real estate agencies 

The PDPA applies to organizations that collect, utilize, and disclose data. According to the PDPC decision and undertakings, if there is a violation, regardless of its source (i.e. if it was just a mistake made by its employee), the Organization might be forced to pay a high fine of up to S$1,000,000. To avoid this, the appointment of a DPO is necessary.

The DPO’s importance rests in ensuring that all PDPA compliance is satisfied. Every Organization subject to the PDPA is obligated to employ DPOs to ensure that no breaches occur in the future.

This is because the DPO is responsible for the following duties in order to limit any data breach:

a. Putting together a personal data protection policy that sets out the purposes for which personal data may be collected, used, or disclosed by the real estate agencies, as well as other data protection practices to ensure compliance with the PDPA and making information about this policy available to all stakeholders;

b. Raising awareness and fostering a culture of data protection among staff and key personnel

c. Developing and implementing policies and processes for the proper handling and management of personal data protection-related queries and complaints (e.g., access and correction requests) and making information about the complaints process available on request; and

d. Alerting the real estate agencies to any risks that might arise concerning the collection, use, or disclosure of personal data.

How Privacy Ninja can help

Privacy Ninja, one of the leading data protection service providers in Singapore, can help with your PDPA compliance needs with ease without you lifting a finger for a competitive price. Privacy Ninja value adds to your organization’s data protection policies by participating in Privacy Ninja’s exhaustive PDPA training. In sum, we got you covered with your PDPA compliance needs. 

Talk to us!

Also Read: PDPA compliance for Singapore schools



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us