What is PDPA? - PDPA Singapore Checklist to Comply PDPA: The Complete PDPA Compliance Guide for Business & Companies in Singapore

What is PDPA?

PDPA is an abbreviation for Personal Data Protection Act. In Singapore, the PDPA is a general data protection law that establishes how personal data should be protected and handled. The Personal Data Protection Commission (PDPC) is the government entity that enforces the PDPA in Singapore.

The purpose of the PDPA is to govern how organisations that operate in Singapore collect, use and disclose personal data so as to give individuals better control of their personal data. Organisations have to ensure that there is a reasonable purpose when collecting, using and disclosing personal data.

Other countries like Malaysia, Thailand and Indonesia also have a data protection that are coincidentally also called PDPA. 

For more information about PDPA in Singapore, readers may visit https://www.pdpc.gov.sg/.

The Personal Data Protection Act 2012 sets out the law on data protection in Singapore. Apart from establishing a general data protection regime, the Act also regulates telemarketing practices. Wikipedia
Originally published20 November 2012
CitationNo. 26 of 2012
Enacted byParliament of Singapore
Passed15 October 2012
Introduced byAssoc Prof Dr Yaacob Ibrahim

Objectives of PDPA

Today, vast amounts of personal data are collected, used and even transferred to third party organisations for a variety of reasons. This trend is expected to grow exponentially as the processing and analysis of large amounts of personal data becomes possible with increasingly sophisticated technology.

With such a trend comes growing concerns from individuals about how their personal data is being used. Hence, a data protection regime to govern the collection, use and disclosure of personal data is necessary to address these concerns and to maintain individuals’ trust in organisations that manage data.

By regulating the flow of personal data among organisations, the PDPA also aims to strengthen and entrench Singapore’s competitiveness and position as a trusted, world-class hub for businesses.

How does the Personal Data Protection Act work?

The PDPA will ensure a baseline standard of protection for personal data across the economy by complementing sector-specific legislative and regulatory frameworks. This means that organisations will have to comply with the PDPA as well as the common law and other relevant laws that are applied to the specific industry that they belong to, when handling personal data in their possession. 

The PDPA takes into account the following concepts:

  • Consent – Organisations may collect, use or disclose personal data only with the individual’s knowledge and consent (with some exceptions);

  • Purpose – Organisations may collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure; and

  • Reasonableness – Organisations may collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances.

Learn more about PDPA in Singapore here!