PDPA Overview: What You Should Know about the Personal Data Protection Act.
Get Acquainted with the Personal Data Protection Act
About the Personal Data Protection Act
The first thing one need to know as a Data Protection Officer (DPO) is the Personal Data Protection Act (PDPA). It is a legislative and mandatory requirement for all organisations in Singapore. It was passed in Singapore in 2012 and has been further enforced from 01 Sep 2019 with new guidelines.
The Personal Data Protection Commission (PDPC) is the main Authority in Singapore for matters relating to Personal Data Protection. It also In charge of administering and enforcing the PDPA; to protect the rights of individuals and formulate policies and guidelines for organisations for protection of personal data.
There are 3 key provisions of the PDPA.
They are as follows:
1. Do-Not-Call Advisory Guidelines
2. NRIC Advisory Guidelines
3. Nine Obligations
DPOs need to know where to find information about PDPA.
Learn more about PDPA in Singapore here!
- PDPA Compliance Checklist Singapore
- WSQ Fundamentals of the Personal Data Protection Act (PDPA) by Everest Innovation
Overview of PDPA - PDPA Implementation & Compliance for Companies and Businesses
Objectives of PDPA
Management of Personal Data & Analysis of Personal Data through Technology
Today, vast amounts of personal data are collected, used and even transferred to third party organisations for a variety of reasons. This trend is expected to grow exponentially as the processing and analysis of large amounts of personal data becomes possible with increasingly sophisticated technology.
Collection, Use & Disclosure of Personal Data
With such a trend comes growing concerns from individuals about how their personal data is being used. Hence, a data protection regime to govern the collection, use and disclosure of personal data is necessary to address these concerns and to maintain individuals’ trust in organisations that manage data.
The need to regulate the flow of Personal Data
By regulating the flow of personal data among organisations, the PDPA also aims to strengthen and entrench Singapore’s competitiveness and position as a trusted, world-class hub for businesses.
How does the Personal Data Protection Act work?
The PDPA will ensure a baseline standard of protection for personal data across the economy by complementing sector-specific legislative and regulatory frameworks. This means that organisations will have to comply with the PDPA as well as the common law and other relevant laws that are applied to the specific industry that they belong to, when handling personal data in their possession.
The PDPA takes into account the following concepts:
Consent
Organisations may collect, use or disclose personal data only with the individual’s knowledge and consent (with some exceptions).
Purpose
Organisations may collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure.
Reasonableness
Organisations may collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances.
