About Singapore Personal Data Protection Act 2012 (PDPA)

The Singapore Personal Data Protection Act 2012 was passed by the Singapore Parliament on 15 October 2012, which governs the collection, use and disclosure of personal data and requires the mandatory compliance for organizations.

The purpose of the Act is to ensure that Organisation recognises both the rights of the individual to protect their personal data and the need of organisation to collect, use or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.

In addition, the new law establishes for the first time a National Do-Not-Call (DNC) registry that is intended to stop unwanted cold calls and SMS messages of a marketing or promotional nature.

If your company hires any employees, market directly to consumers whom are individuals, collects, uses or retain personal data, your company must mandatory comply.

All organisations are also required to designate at least one person to be responsible for ensuring the organization complies with the legislation.

If any individual, customer or employee complains to the Personal Data Protection Commission (PDPC) that their rights of personal data has been violated, the Commission can come to the company and start to investigate into the complaint. One of the things they’ll look at is whether the company has a compliance system in place. If they don’t, they can be fined up to S$1 million. It also means the organization can be sued in court for damages suffered.