Products
By Use Cases By Roles
Data Command Center
View
Learn more

AI Security & Governance

Discover, assess, and safeguard AI usage

Learn more

Data Access Intelligence & Governance

Identify which users have access to sensitive data and prevent unauthorized access

Learn more

Asset and Data Discovery

Discover dark and native data assets

Learn more

LLM Firewall

Secure your GenAI applications

Learn more

Data Privacy Automation

PrivacyCenter.Cloud | Data Mapping | DSR Automation | Assessment Automation | Vendor Assessment | Breach Management | Privacy Notice

Learn more

Sensitive Data Intelligence

Discover & Classify Structured and Unstructured Data | People Data Graph

Learn more

Data Flow Intelligence & Governance

Prevent sensitive data sprawl through real-time streaming platforms

Learn more

Data Consent Automation

First Party Consent | Third Party & Cookie Consent

Learn more

Data Catalog

Automatically catalog datasets and enable users to find, understand, trust and access data

Learn more

Data Lineage

Track changes and transformations of data throughout its lifecycle

Learn more

Data Security Posture Management

Secure sensitive data in hybrid multicloud and SaaS environments

Learn more

Data Breach Impact Analysis & Response

Analyze impact of a data breach and coordinate response per global regulatory obligations

Learn more

Compliance Management

Automate Compliance with Global AI and Data Frameworks using Common Controls and Tests
Data Controls Orchestrator
View
Data Command Center
View
Sensitive Data Intelligence
View

Asset Discovery
Data Discovery & Classification
Sensitive Data Catalog
People Data Graph
Learn more

Privacy

Automate compliance with global privacy regulations

Data Mapping Automation

View

AI Security & Governance

View

Data Subject Request Automation

View

People Data Graph

View

Assessment Automation

View

Cookie Consent

View

Universal Consent

View

Vendor Risk Assessment

View

Breach Management

View

Privacy Policy Management

View

Privacy Center

View

Learn more

Security

Identify data risk and enable protection & control

Data Security Posture Management

View

AI Security & Governance

View

LLM Firewall

View

Data Access Intelligence & Governance

View

Data Risk Management

View

Data Breach Analysis

View

Learn more

Governance

Optimize Data Governance with granular insights into your data

Data Catalog

View

Data Lineage

View

Data Quality

View

AI Security & Governance

View

Compliance Management

View

LLM Firewall

View
Data Controls Orchestrator
View
Solutions
Technologies

Covering you everywhere with 1000+ integrations across data systems.

Snowflake

View

AWS

View

Microsoft 365

View

Salesforce

View

Workday

View

GCP

View

Azure

View

Oracle

View

Databricks

View

Learn more

Regulations

Automate compliance with global privacy regulations.

US California CCPA

View

CPRA
California Privacy Rights Act

View

European Union GDPR

View

Thailand’s PDPA

View

China PIPL

View

Canada PIPEDA Compliance Solution

View

Brazil's LGPD

View

+ More

View

Learn more

Roles

Identify data risk and enable protection & control.

Privacy

View

Security

View

Governance

View

Marketing

View
Resources

Blog

Read through our articles written by industry experts

Collateral

Product brochures, white papers, infographics, analyst reports and more.

Knowledge Center

Learn about the data privacy, security and governance landscape.

Securiti Education

Courses and Certifications for data privacy, security and governance professionals.

Webinars

Learn from industry thought leaders why you need a Data Command Center to enable safe use of data.
Company

About Us

Learn all about Securiti, our mission and history

Partner Program

Join our Partner Program

Contact Us

Contact us to learn more or schedule a demo

News Coverage

Read about Securiti in the news

Press Releases

Find our latest press releases

Careers

Join the talented Securiti team

Knowledge Center » Data Privacy Automation

What is Singapore’s Personal Data Protection Act (PDPA)?

By Anas Baig | Reviewed By Muhammad Faisal Sattar

Published December 28, 2020

Singapore enacted the Personal Data Protection Act (the "PDPA") in 2012, which came into force in different phases; the provisions concerning data protection were enforced on 2nd July 2014. There are two main sets of provisions in the PDPA; provisions related to ‘Data Protection’ govern the collection, use, and disclosure of individuals' personal data, and the provisions pertaining to Singapore’s national ‘Do Not Call Registry’ set out the organisation’s obligations in relation to sending marketing messages to Singapore's national phone numbers.

The Personal Data Protection Regulations 2014, issued under the PDPA, specifically lay down the data transfer out of Singapore requirements, and the procedure of data access and/or correction requests from individuals. Singapore has recently introduced new extensive amendments to PDPA through the Personal Data Protection (Amendment) Act 2020.

Definition of Personal Data under the PDPA

The PDPA defines 'personal data' as ‘data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.’ All types of personal data come under the ambit of the PDPA, whether it is electronic data or nonelectronic, and regardless of its sensitive nature.
‘Anonymised data' does not come under the scope of the PDPA.

An organisation must implement the necessary policies and procedures in order to meet its obligations under the PDPA and shall make information about its policies and procedures publicly available.
An organisation must cease to retain documents containing personal data, or remove the means by which the personal data is collected once the purpose is fulfilled for which data is collected.
Organisations are responsible for the personal data processed on their behalf by other parties/contractors (data intermediaries). It indicates that the organisation may be held liable for any non-compliance with this provision by the data intermediaries.

Mandatory Data Breach Notification Requirement

Through new amendments to PDPA in 2020, Singapore has introduced the mandatory requirement for the organizations to notify the PDPC and affected individuals of a data breach that
- results in, or is likely to result, in significant harm to the affected individuals; or
- is of a significant scale
Organisations will also be required to notify affected individuals if the data breach is likely to result in significant harm to them. Where an organisation has reason to believe that a data breach has occurred, it must conduct, in a reasonable and expeditious manner, an assessment to assess whether it is a notifiable data breach or not.

If organisations misuse the personal data or hide information concerning its collection, use, or disclosure, PDPA states penalties not exceeding S$50,000 (approx. $36,000).

Penalty for hindering a PDPC investigation can lead to a fine of not more than S$100,000 (approx. $72,000). The PDPA states that companies are also liable for their employees’ actions, whether they are aware of them or not.

New amendments to PDPA have enforced increased financial penalties for breaches of the PDPA up to either S$1 million or 10% of the organization’s annual turnover in Singapore for organizations with annual local turnover exceeding S$10 million, whichever is higher.

Non-compliance with specific provisions under the PDPA may also constitute an offense, for which a fine or a term of imprisonment may be imposed.

An individual can bring a private civil action against an organisation for having suffered loss or damage directly due to a contravention of the provisions of the PDPA.

Automating privacy operations across your organization

The multi-disciplinary practice to grow trust-equity of your brand and comply with privacy regulations.

Get the Book

“By leveraging the PrivacyOps constructs from this book across our organization we were able to not only save time and money but also mitigate the risks associated with manual methods of privacy management.”

- Marty Collins, Chief Privacy and Legal Officer, QuinStreet, Inc

Automating Compliance and how Securiti can help?

Given the complex obligations for the organisations to manage the disclosure, access, and modification requests of the individuals, ensuring the effective security measures, fulfilling data breach notification requirements, and other compliance requirements, complying with the PDPA can be very labor-intensive and costly.

Securiti is the leader in AI-powered PrivacyOps and data governance. Similar to DevOps for software, PrivacyOps reimagines how to implement privacy management throughout an organisation efficiently.

Securiti is a recognized innovator in this market, having been awarded "Most Innovative Startup" at RSA Conference 2020, and Leader in the Forrester Wave: Privacy Management Software. Securiti's PrivacyOps solution uniquely combines real-time data intelligence harnessing bot and AI technology with full workflow automation of all the major privacy compliance functions.

No, Singapore is not part of the European Union, so GDPR does not directly apply. Singapore's data protection law is called the Personal Data Protection Act (PDPA).

Yes, the Personal Data Protection Act (PDPA) is mandatory in Singapore and applies to organizations that handle personal data.

The Personal Data Protection Commission (PDPC) is the authority responsible for regulating and enforcing the Personal Data Protection Act in Singapore.

PDPA stands for the Personal Data Protection Act in Singapore. It regulates personal data collection, use, and disclosure and aims to protect individuals' data privacy rights.

PDPA (Personal Data Protection Act) in Singapore and GDPR (General Data Protection Regulation) in the EU share similar principles but differ in specific requirements, jurisdiction, and scope.

To comply with Singapore's Personal Data Protection Act, organizations need to ensure they have proper data protection policies, consent mechanisms, data breach procedures, and overall data protection measures in place. They should also appoint a Data Protection Officer and educate their employees about data protection practices.

What is Singapore’s Personal Data Protection Act (PDPA)?

Definition of Personal Data under the PDPA

Data Subjects’ Rights Under the PDPA

Organisations’ Obligations under PDPA

Mandatory Data Breach Notification Requirement

Who must comply with PDPA?

Non Compliance Risks

Automating privacy operations across your organization

Automating Compliance and how Securiti can help?

Frequently Asked Questions (FAQs)

More Stories that May Interest You

Newsletter

Company

Resources

Terms

Get in touch

What is Singapore’s Personal Data Protection Act (PDPA)?

Definition of Personal Data under the PDPA

Data Subjects’ Rights Under the PDPA

Organisations’ Obligations under PDPA

Mandatory Data Breach Notification Requirement

Who must comply with PDPA?

Non Compliance Risks

Automating privacy operations across your organization

Automating Compliance and how Securiti can help?

Frequently Asked Questions (FAQs)

Join Our Newsletter

Share

More Stories that May Interest You

What are the Data Subject Rights Under Singapore’s PDPA?

Navigating Generative AI Privacy : Challenges & Safeguarding Tips

Right of Access to Personal Data: What To Know

Newsletter

Company

Resources

Terms

Get in touch

What'sNew

What's
New