



What is PDPA?
PDPA is an abbreviation for Personal Data Protection Act. In Singapore, the PDPA is a general data protection law that establishes how personal data should be protected and handled. The Personal Data Protection Commission (PDPC) is the government entity that enforces the PDPA in Singapore.
The purpose of the PDPA is to govern how organisations that operate in Singapore collect, use and disclose personal data so as to give individuals better control of their personal data. Organisations have to ensure that there is a reasonable purpose when collecting, using and disclosing personal data.
Other countries like Malaysia, Thailand and Indonesia also have a data protection that are coincidentally also called PDPA.
For more information about PDPA in Singapore, readers may visit https://www.pdpc.gov.sg/.
Objectives of PDPA
Today, vast amounts of personal data are collected, used and even transferred to third party organisations for a variety of reasons. This trend is expected to grow exponentially as the processing and analysis of large amounts of personal data becomes possible with increasingly sophisticated technology.
With such a trend comes growing concerns from individuals about how their personal data is being used. Hence, a data protection regime to govern the collection, use and disclosure of personal data is necessary to address these concerns and to maintain individuals’ trust in organisations that manage data.
By regulating the flow of personal data among organisations, the PDPA also aims to strengthen and entrench Singapore’s competitiveness and position as a trusted, world-class hub for businesses.



How does the Personal Data Protection Act work?
The PDPA will ensure a baseline standard of protection for personal data across the economy by complementing sector-specific legislative and regulatory frameworks. This means that organisations will have to comply with the PDPA as well as the common law and other relevant laws that are applied to the specific industry that they belong to, when handling personal data in their possession.
The PDPA takes into account the following concepts:
Consent – Organisations may collect, use or disclose personal data only with the individual’s knowledge and consent (with some exceptions);
Purpose – Organisations may collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure; and
Reasonableness – Organisations may collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances.
Learn more about PDPA in Singapore here!