Doing Business in Singapore? Missing out on PDPA may become a big challenge for your business

Singapore is a global tech giant, topping the rankings of the Global Smart City Performance Index continuously for multiple years. Since launching its Smart Nation initiative in 2014, Singapore has introduced many smart technologies in both the public and private sectors. A lot of data travels through the cloud, as cloud computing is an integral element of digital transformation objectives, and hence laws to protect that data become mandatory. Singapore's Personal Data Protection Act (PDPA) governs the collection, use, disclosure and care of personal data.

Purpose of the PDPA

“To govern the collection, use and disclosure of personal data by organisations in a manner that recognises both the right of individuals to protect their personal data and the need of organisations to collect, use or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.”


What is the Personal Data Protection Act (PDPA)?


The Personal Data Protection Act (PDPA) is Singapore's primary law regulating how businesses handle the personal data of its residents.


Businesses should treat compliance with Singapore's data privacy laws as mandatory for the protection of data. Because data protection has become of utmost importance, the law sets out nine data protection obligations with which every business must comply.



The Nine Data Protection Obligations


1. Consent Obligation

2. Purpose Limitation Obligation

3. Notification Obligation

4. Access and Correction Obligation

5. Accuracy Obligation

6. Protection Obligation

7. Retention Limitation Obligation

8. Transfer Limitation Obligation

9. Accountability Obligation



Scope of PDPA -


All private organisations in respect of the personal data of individuals that they collect, use and/or disclose.

Organisations that are not present in Singapore but collect, use and disclose data within Singapore. Related organisations that receive data from these organisations, whether parent companies or others, are not exempted from the PDPA.



Who is exempted from the application of PDPA -


1. Individuals acting in a personal or domestic capacity;

2. Employees acting in the course of their employment with an organisation;

3. Public agencies;

4. Any other organisation or personal data, or classes of organisations or personal data as may be prescribed.


Although government agencies are not subject to the PDPA, as they have their own set of regulations, this exemption does not extend to private sector organisations working on behalf of government agencies.



Who regulates data protection?


The PDPC is the regulatory authority responsible for administering and enforcing the PDPA. It is part of the converged telecommunications and media regulator, the Infocomm Media Development Authority ('IMDA'), which is, in turn, a statutory board under the purview of the Ministry of Communications and Information.


Data Segmentation

Easy segregation of data by source, as per the PDPA guidelines

Better System Usage

Low resource requirements allow use on mission-critical systems

Quick audit

A streamlined process for PDPA compliance with less time and investment

Data Handling

Quick mapping, analysing and remediating of data before it is transferred to the cloud.

What Illume Offers
1. Identifying over 300 different data types over the network.
2. Supporting PDPA compliance obligations under Protection Obligations.
3. Segregating data as per PDPA norms from various sources.
4. Reducing the time and cost required to achieve PDPA compliance.
5. Less time for mapping, analysing and remediating data before transferring it to cloud storage.
6. Personal Data Protection Support Office.
7. Gap Assessment and Framework Development.
8. Training / Awareness.
