Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

Personal Data Protection Act Singapore: Is Your Business Compliant?

Personal Data Protection Act Singapore: Is Your Business Compliant?

Compliance with the personal data protection act Singapore has enforced since 2014 is crucial to all SG Businesses
Compliance with the personal data protection act Singapore has enforced since 2014 is crucial to all SG Businesses

Running a business in Singapore, like elsewhere, entails responsibilities. In 2014, the Singapore government has enacted the Personal Data Protection Act of 2012 (PDPA). This law governs the collection, use, and disclosure of personal data by all private organizations. With the new 2020 amendment of the Personal Data Protection Act Singapore has taken into practice, it is high time that we do a quick review.

First things first, what is personal data?

Personal data pertains to the data about a certain individual who can be identified from that data, or from that data, and other information to which a business organization has or is likely to have access.

We are talking here about the things that can identify your individuality; from your fingerprints, face geometry, your NRIC number, voice, DNA profile, and even your ID photo or your latest selfies!

What is the coverage of the Personal Data Protection Act Singapore has enforced?

Are all types of personal data covered? Well, technically no. There are few categories which the PDPA does not cover:

  • Personal data that have been on record for at least 100 years (historical personal data)
  • Personal data of an individual who has been dead for 10 years or more
  • Business contact information such as:
    • Name
    • Business Position or Title
    • Business contact number
    • Business address and email address

It is important to note that the business contact information, for the PDPA to not apply, should not have been provided by an individual solely for personal purposes.

Now, is your business obliged to comply with the Singapore PDPA?

Generally, the personal data protection act Singapore has adapted, applies to all businesses within its jurisdiction. The proper approach would be, to enumerate the exceptions. If you are operating as one of the following, you do not have to comply with the PDPA:

  • A public agency
  • An organization acting on behalf of a public agency with regard to the collection, use, and disclosure of personal data
  • An private individual acting personal or domestic capacity

How about your employees? They are still required to adhere to their respective organization’s policies for ensuring their employer’s compliance with the personal data protection act Singapore enforces. However, employees themselves are not liable for their employer’s violation of the personal data protection act.

Looking for Compliance Course? Read: Compliance Course Singapore: Spotlight on the 3 Offerings

The personal data protection act Singapore has enacted, mandates 10 main obligations
The personal data protection act Singapore has enacted, mandates 10 main obligations

Your 10 main obligations under the Personal Data Protection Act Singapore has mandated

And here we come to the most crucial part in the provisions of the Personal Data Protection Act of 2012, the main obligations of businesses operating in Singapore. Most companies prefer to have this conspicuously displayed on their workplace, so it is best that you also consider doing so.

  1. Consent Obligation

Your business can collect, use and/or disclose the personal data of private individuals so long as they have consented to those acts mentioned.

2. Purpose Limitation Obligation

Your business can collect, use, and/or disclose the personal data of private individuals for the sole purpose for which they consented thereto.

3. Notification Obligation

Your business should always inform private individuals of the purpose for which their personal data is being collected, used, and/or disclosed. The personal data protection act Singapore imposes, is one which requires that all notification must be clearly communicated.

4. Access and Correction Obligation

Your business has the obligation to provide information to private individuals, upon their request as soon as possible (within reasonable period). This pertains to inquiries on what personal data of theirs is within your business’s possession or control, and/or how it has been used or disclosed.

5. Accuracy Obligation

Your business has the obligation to ensure that the personal data collected is accurate and complete, especially if it would have you make decision that affects the private individual, or if you are to disclose the information to another organization.

6. Protection Obligation

Your business must put security measures to protect all personal data within your possession or control. The PDPA intends to prevent risks such as unauthorized access, collection, use and/or disclosure of these data.

7. Retention Limitation Obligation

Your business should only retain these personal data so long as is necessary for business or any other legal purposes.

8. Transfer Limitation Obligation

Transferring of personal data overseas, like data storage in the cloud, should meet the PDPA’s data protection requirements.

9. Data Breach Notification Obligation

Should your business suffer data breach that is likely to cause (or has caused) a significant harm to the private individuals affected (or at least 500 individuals), you are required to inform them, likewise, the Personal Data Protection Commission (PDPC)

10. Accountability Obligation

Your business has the final obligation to implement the necessary policies, procedures, and guidelines to fulfill your PDPA obligations. The information about these policies must always be publicly available.

With all these information, finally the question is, Is Your Business Compliant with the Personal Data Protection Act Singapore has enforced? To do so, you need to thoroughly audit your operations. If you find that you did not tick most of the boxes, consider contacting a Data Protection Officer in Singapore.

Also Read: Data Protection Officer Singapore | 10 FAQs

Protecting personal data that the organisation manages is the primary duty that must be upheld, or else risk the financial penalty imposed by the PDPC in case of a breach. To help organisations with their data protection compliance, they can outsource a DPO, which is an officer responsible for ensuring that all data protection provisions are complied with at all times. 

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us