The provisions of the PDPA were formulated keeping in mind the need to keep compliance costs manageable for businesses. A transition period was provided to allow organisations sufficient time to phase in the necessary measures to comply with the data protection regime.
There may be some costs associated with complying with the PDPA, especially for businesses that have not adopted any data protection practices. Those that already have adequate data protection measures in place should not incur high incremental costs to comply with the new law. The impact on Small and Medium Enterprises (SMEs) should also be minimal if they do not collect, process or hold on to large amounts of personal data.
The costs should be viewed against the benefits of having such a law. As data protection legislation is increasingly seen as a basic feature in an economy’s legal framework, the lack of a data protection regime potentially hinders the flow of information across borders, and disadvantages Singapore businesses in the global economy.