Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

PDPA Compliance for the Telecommunication Sector

The PDPA compliance for the Telecommunication sector
The PDPA compliance for the Telecommunication sector is a must as they collect, use, and disclose personal data.

Organizations that collect, use, and disclose personal data of individuals are required to comply with the provisions of the Personal Data Protection Act. Otherwise, they will be made to pay a hefty fine. This is why the telecommunication sector is encouraged to read the Guidelines and other advisories from the PDPC for them to be guided on the latest obligations to follow.

PDPA compliance for the Telecommunication sector

Not all data collected by the telecommunication sector constitutes as personal data. As defined in the Advisory Guidelines for the Telecommunication Sector of 2014, personal data is data, whether true or not, about an individual who can be identified: a) from that data, or b) from that data and other information to which the Organization has or is likely to have access. Thus, when an individual cannot be identified from the said data, the PDPA does not generally apply.

Thus, in the cases of mobile, telephone, and International Mobile Equipment Identity (“IMEI”) numbers, where an individual is not identifiable from the data, then these are not personal data and the PDPA obligations do not apply. However, while the data cannot pinpoint a specific person but an organization has or is likely to have access to other information that will allow the individual to be identified when taken together with that data, then the Guidelines must be strictly observed.

Also Read: PDPA compliance for the social service sector

PDPA compliance for the Telecommunication sector: Data Protection Provisions

Under the PDPA, Organizations in the telecommunication sector must comply with the obligations set by the PDPA and enforced by the PDPC. Furthermore, they are required to obtain consent from the individual for a limited purpose that has been notified to the individual for the collection, use, and disclosure of their personal data, unless exceptions apply.

When an individual willingly contributes their personal data to an organization for a specific purpose, and it is reasonable that they would do so, the individual is presumed to agree to the collection, use, or dissemination of the data. Furthermore, when such personal data is transferred from one Organization to another for a specific purpose, the person is presumed to agree to the other Organization’s collection, use, or disclosure of the data for that purpose.

The PDPA compliance for the Telecommunication sector
The PDPA compliance for the Telecommunication sector

PDPA compliance for the Telecommunication sector: Application of the Do Not Call Provision

Under the Do Not Call provision of the PDPA, organizations cannot send specified messages to the individual’s telephone or mobile number registered in the Do Not Call Registry. Otherwise, such Organizations will face a hefty fine. 

Under the Do Not Call Provision, these specified messages are messages with a purpose to offer to supply, advertise or promote goods or services, land or an interest in land, or a business or investment opportunity, or a supplier of such goods, services, land or opportunity.

However, there are exceptions to this rule. If the consent was given by the recipient for the unspecified message, or if such message is a specified one, the Organization is exempted from complying with its obligation under the Exemption Order. 

Under the Exemption Order, if there exists an “ongoing relationship” between the sender and a recipient, the Organization is exempted from the requirement to check the relevant Do Not Call Registers. 

An “ongoing relationship” under the Exemption Order means a relationship which is on an ongoing basis, between a sender and a subscriber or user of a Singapore telephone number, arising from the carrying on or conduct of a business or activity (commercial or otherwise) by the sender.

Every telecommunication service provider is required by Section 42 of the PDPA to notify the Commission of all discontinued Singapore telephone numbers. However, the license granted by the original subscriber is not revoked.

In some situations, the Commission recognizes that individuals may have clear and unambiguous authorisation from the original subscriber of a specific telephone number, which is afterwards cancelled by the original subscriber and assigned to a new person.

Similarly, a user (original user) of a telephone number may stop using that number (without causing any changes to the subscriber) and allow a new user to use the number. In some cases, the cancellation of a phone number or a change in the number’s user does not automatically or unilaterally revoke the authority granted by the original subscriber or user.

However, it should be noted that once users are aware that the subscriber or user who consented to the transmission of specified messages to that telephone number is no longer the current subscriber or user of that telephone number, they cannot rely on the authorization gained from the original subscriber or original user to send specified messages to that telephone number.

Specified messages sent by telecommunication operators

It is in the understanding that telecommunication operators typically send messages with the following characteristics:

  • Account information, such as account balance, details, and reminders for late payments;
  • Product or service information; and
  • Marketing information.

As a general rule, messages sent by the telecommunication operators based on the following characteristics do not constitute a specified message, and the Do Not Call provision does not apply. 

How Privacy Ninja can help

The PDPA compliance for the Telecommunication sector
The PDPA compliance for the Telecommunication sector

Privacy Ninja can help with your PDPA compliance needs with ease without you lifting a finger for a competitive price. Furthermore, value adds to your organization’s data protection policies by participating in Privacy Ninja’s exhaustive PDPA training. In sum, we got you covered with your PDPA compliance needs. 

Talk to us!

Also Read: PDPA compliance for the healthcare sector



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us