Summary of PDPA

What is PDPA?

  • Established on 2 Jan 2013
  • Mission to promote & enforce the Personal Data Protection Act (PDPA), fostering trust between businesses & consumers
  • Represent government internationally, ensuring data protection standards align with global best practices.
  • Work involves balancing data protection with legitimate data use by implementing policies and guidelines, reviewing practices, and collaborating with sector regulators. 
  • The focus is educating businesses to adopt reasonable data protection practices while empowering individuals to safeguard their personal information.
  • Manage the Do Not Call Registry to enhance customer confidence by ensuring individuals receive only the telemarketing messages they want
  • Leadership team: Commissioner, Deputy Commissioner, supported by an Advisory Committee that provides expert guidance on data protection matters

PDPA Overview

  • PDPA is designed to protect personal data while allowing legitimate data use
  • Sets a baseline standard for personal data protection, complementing sector-specific laws
  • Includes the establishment of the Do Not Call (DNC) Registry
  • Defines personal data as any information that can identify an individual, directly or indirectly
  • Aims to maintain trust in data management while reinforcing Singapore’s position as a business hub
  • Scope covers electronic and non-electronic data, excluding personal/domestic activities, public agencies, and business contact information.
  • Organizations must comply with data protection obligations and safeguard personal data from unauthorized access, collection, use, or disclosure.
  • PDPA was introduced in 2013, with amendments in 2020 that took effect in 2021 to enhance effectiveness and reach
  • PDPA forms a comprehensive legislative framework for data protection in Singapore, alongside the Info-communications Media Development Act 2016

Enforcement and Guidance for PDPA

  • Maintain compliance with the PDPA by publishing enforcement decisions on organizations that have violated the Act, to educate others, and by accepting undertakings from organizations to address potential violations with practical remediation plans.
  • Provide resources and guidance to help organizations understand and implement data protection practices, including advisory guidelines, sector-specific guidance, and industry-led best practices.
  • Engage the public through consultations on regulations, inviting feedback for enhanced transparency and collaboration.
  • Offer practical guides with tips and good practices for handling personal data responsibly and effectively.

Education and Resources

  • Commitment to education includes providing materials and resources to support understanding and implementation of data protection, covering the concepts of anonymization, updating the Do Not Call Registry, and statistics on inquiries and complaints.
  • Data Protection Officers (DPOs) benefit from the DPO Connect e-Newsletter, which regularly updates best practices and tools such as the Basic DPOinBox and the PDPA Assessment Tool for Organizations.
  • Provide resources and guides tailored to emerging technologies like blockchain and biometric data for robust data protection in ICT systems.
  • Offer advisories on data collection for COVID-19 contact tracing, reflecting the commitment to timely and relevant guidance.

PDPA Training and International Collaboration

  • Offer training courses and certifications through initiatives like the APEC Privacy Rules, enhancing privacy and data protection skills and knowledge.
  • Provide resources through the ASEAN Data Management Framework for regional businesses to manage data-related operations effectively.
  • Conduct a comparative analysis of the PDPA and EU GDPR to support organizations in navigating international data protection requirements.

Reports and Insights

  • Conduct surveys to gather insights into industry and consumer perspectives on the PDPA.
  • Use reports to inform ongoing efforts to refine and improve data protection standards in Singapore.
  • Annual reports highlight achievements and future directions, reflecting the commitment to transparency and accountability.

Empowering Individuals and Businesses

  • Emphasize the importance of appointing a Data Protection Officer (DPO) for every business to ensure compliance and security.
  • Provide resources on data disposal, security, and personal data protection stories to guide organizations’ data protection journey.
  • Enhance public awareness through the TV series “Your Data, Our Responsibility,” showcasing organizations’ data protection initiatives and consumer-focused resources, such as tips on protecting personal data and understanding the benefits of the PDPA.


Newsletter Insights