


Regulations, Exemption Order & other subsidiary Legislations
Learn more about PDPA in Singapore here!
Enforcement of the Act
Here is a complete Guide to PDPA Resources and the various information with regards to the Enforcement of the Act as well as Regulations, Exemption Order and Other Subsidiary Legislations.
Regulations
- Personal Data Protection (Composition of Offences) Regulations 2013
- Personal Data Protection (Do Not Call Registry) Regulations 2013
- Personal Data Protection (Enforcement) Regulations 2014
- Personal Data Protection Regulations 2014
- Personal Data Protection (Appeal) Regulations 2015
Exemption Order
Other Subsidiary Legislation
- Personal Data Protection (Statutory Bodies) Notification 2013
- Personal Data Protection Act 2012 (Commencement) Notification 2014
- Personal Data Protection (Prescribed Law Enforcement Agencies) Notification 2014
- Personal Data Protection (Prescribed Healthcare Bodies) Notification 2015
- Personal Data Protection (Amendment) Regulations 2020
Parties to civil proceedings relating to the PDPA may also wish to refer to the Rules of Court, Order 105.
PDPA Resources - Guidelines, Public Consulltations & Guides (PDPA Information)

Sector Specific Guidelines
Advisory guidelines for Telecommunication, Real Estate Agency, Education, Healthcare, Social Service, Transport Service and Management Corporations.

Industry-led Guidelines
Refer to this set of Guidelines to have a greater understanding of personal data protection provisions in relation to PDPA.

Practical Guidance to PDPA
Practical guidance to organisations that seek clarity on the application of the PDPA under specific situations.

Public Consultations with regards to PDPA
Information for the public to submit comments and view responses on regulations and advisory guidelines.

PDPA Guides
Good practices and useful tips that organisations may adopt when handling personal data.
Offences Conducted Against PDPA
Offences Related to the PDPC’s Powers of Investigation
An organisation or a person is also guilty of an offence if any of the following is committed:
If the organisation or person with an intent to evade a request for access or correction under the Act, disposes of, alters, falsifies, conceals or destroys, or directs another person to dispose of, alter, falsify, conceal or destroy, a record containing –
- i. Personal data; or
- ii. Information about the collection, use or disclosure of personal data
If the organisation or person obstructs the PDPC or an authorised officer in the performance of their duties or exercise of their powers under the Act;
If the organisation or person knowingly or recklessly makes a false statement to the PDPC, or knowingly misleads or attempts to mislead the PDPC, in the course of the performance of its duties or powers under the Act; and
If a person makes a request for access or correction under the Act to obtain access to or to change the personal data of another individual without that individual’s authority.