Implement PDPA - PDPA Singapore Checklist to Comply PDPA: The Complete PDPA Compliance Guide for Business & Companies in Singapore

Application of the Personal Data Protection Act

The PDPA covers personal data stored in electronic and non-electronic forms.

The data protection provisions in the PDPA (parts III to VI) generally do not apply to:

  • Any individual acting in a personal or domestic basis.
  • Any employee acting in the course of his or her employment with an organisation.
  • Any public agency or an organisation in the course of acting on behalf of a public agency in relation to the collection, use or disclosure of the personal data. You may wish to refer to the Personal Data Protection (Statutory Bodies) Notification 2013 for the list of specified public agencies.
  • Business contact information. This refers to an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his or her personal purposes.

These rules are intended to be the baseline law which operates as part of the law of Singapore. It does not supersede existing statutes, such as the Banking Act and Insurance Act but will work in conjunction with them and the common law.

Learn more about PDPA in Singapore here!

Data Protection in Asia

Legislations on personal data are not limited to Singapore. Malaysia, Thailand and Indonesia also have a law that protects personal data, and coincidentally, it is also called PDPA. In Philippines, it is known as the Data Privacy Act.

The General Data Protection Regulations (GDPR) of the European Union (EU) is by far one of the most stringent legislation on personal data protection in the world. Other notable legislations around the world are the California Consumer Protection Act and The Privacy Act of Australia.

Data Protection and Cyber Security

As the world progresses into the digital age where there is greater use and even dependency on the Internet to work and perform several daily tasks like ordering food, book air tickets, and even watch the kids while at work, it is imperative that organisations and even individuals remain safe while online and not fall prey to cyber criminals.

Several data and personal data of organisations sit on several devices and online platforms. Organisations need to beware of the digital and cyber threats because any breach of personal data will result in breach of PDPA. Thus, cyber security and PDPA cannot be dichotomized.