LISTEN NOW: Evolution of Data Controls in the Era of Generative AI

View

Singapore PDPA | Singapore's Personal Data Protection Act

Get Singapore PDPA compliant with the most comprehensive PrivacyOps platform

Last Updated on noviembre 16, 2023

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

Ver una demostración
Schedule your demo today

Singapore’s Personal Data Protection Act (PDPA) comprises various provisions governing the collection, disclosure, use, and care of personal data. It recognizes the rights of individuals to have more control over their personal data and the needs of organizations to collect, use, or disclose personal data for legitimate and reasonable purposes.

There are two main sets of provisions in the PDPA; provisions related to ‘Data Protection’ govern the collection, use, and disclosure of individuals' personal data, and the provisions pertaining to Singapore’s national ‘Do Not Call Registry’ set out the organisation’s obligations in relation to sending marketing messages to Singapore's national phone numbers.

The Personal Data Protection Regulations 2014 (PDPR), issued under the PDPA, specifically lay down the data transfer out of Singapore requirements and the procedure for data access and/or correction requests from individuals.

 

The solution

securiti.ai enables organizations to comply with the Singapore PDPA regulations through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Singapore PDPA Compliance Solution

SECURITI.ai supports enterprises in their journey toward compliance with the Thai PDPA through automation, enhanced data visibility, and identity linking.

See how our comprehensive PrivacyOps platform helps you comply with various sections of PDPA


 

Customize a data subject rights request portal for seamless customer care

Simplify your DSR request format by building web forms customized for your brand image to accept verified data subject rights requests. Automate the initiation of fulfillment workflows when verified requests are received.

PDPA data subject request portal
dsr handling

Automate data subject access request handling

PDPA Sections: 21, 22, Fifth Schedule, PDPR Part II

Data subjects need to be notified about their data privacy rights, and organizations are required to simplify the initiation of verified DSR requests. The automation of the delivery and generation of secure data access reports will significantly reduce the risk of compliance violations and reduce the workforce required to comply with all requests.

Secure fulfillment of data access and port requests

PDPA Sections: 21, 22, Fifth Schedule, PDPR Part II

Organizations are required to disclose the information to the data subjects within a limited time frame of receiving a verifiable data request. This will be free of charge and delivered through a secure, centralized portal.

PDPA data access request
data rectify request

Automate processing of rectification requests

PDPA Sections: 21, 22, 23, Sixth Schedule, PDPR Part II

Seamlessly fulfill data rectification requests with the help of automated data subject verification workflows across all appearances of a subject’s personal data.

Automate objection and restriction of processing requests

PDPA Section: 16

Build a framework for objection and restriction of processing handling based on business requirements, with the help of collaborative centralized workflows.

Data Processing Request Restriction
personal data monitoring tracking

Continuous monitoring and tracking

PDPA Sections: 18, 19, 20, 24

Keep track of risks involved by continuously monitoring and scanning data against non-compliance to subject rights, security controls, or data residency. Surface new Personal Data categories, types, and data flow risks on a continuous basis.

Automate People Data Graph

PDPA Sections: 25, 12

Discover personal information stored across all your systems within the organization and link them back to a unique data subject. Visualize personal data sprawl and identify compliance risks.

personal information data linking
Singapore PDPA Cookie Consent Compliance

Meet cookie compliance

PDPA Sections: 13-17, 20(1), Second Schedule

Automatically scan the organization’s web properties and categorize tags and cookies. Also build customizable cookie banners, collect consent, and provide a preference center.

Monitor and track consent

PDPA Sections 13-17, Second Schedule, Third Schedule, Fourth Schedule

Track consent revocation of the data subjects to prevent the processing or transfer of data without their consent. Demonstrate consent compliance to regulators and data subjects.

Universal Consent Management Dashboard
PDPA Readiness Assessment

Assess PDPA readiness

PDPA Sections: 24, 11, 12

With the help of our multi-regulation, collaborative, readiness, and data protection impact  assessment system, you can measure your organization's posture against PDPA requirements, identify the gaps, and address the risks. Seamlessly being able to expand assessment capabilities across your vendor ecosystem to maintain compliance against PDPA requirements.

Map data flows

PDPA Sections: 25, 12

Keep track of data flows in your organizations, trace this data, catalog the collection of data and transfer data, and document business process flows internally and to service providers or 3rd parties.

PDPA data flow mapping
PDPA Compliance Vendor Risk Managment

Manage vendor risk

PDPA Sections: 11, 12, 21, 22, 23, 24, 25, 26

Track, manage, and monitor privacy and security readiness for all your service providers from a single interface. Collaborate instantly, automate data requests and deletions, and manage all vendor contracts and compliance documents.

Breach Response Notification

PDPA Sections: 26B, 26C, 26D 

Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.

breach response notification

Key Rights Under Singapore PDPA

Right to be informed/Access: Data subjects have the right to know what data has been collected and how that data is being processed. They can request access and obtain a copy of their personal data from controllers. An organisation must notify the individual of the purpose(s) for which it intends to deal with an individual’s personal data.

Rectification: Data subjects have a right to request the rectification of their inaccurate data and have incomplete data stored about themselves completed.

Right to Object: Individuals may, at any time, withdraw any consent given under the PDPA in respect of the collection, use, or disclosure of their personal data for any purpose by an organisation.

Consent: Personal data cannot be processed without obtaining explicit consent from the data subject. An organisation must obtain the consent of the individual before collecting, using, or disclosing his personal data for a purpose.

Facts related to PDPA

1

The PDPA covers personal data stored in electronic and non-electronic forms. Anonymised' data (where the data can no longer be used to identify the data subject ) does not come under the scope of the PDPA.

2

The PDPA was drafted keeping in reference laws from the EU, UK, Canada, Hong Kong, Australia and New Zealand, as well as the OECD Guidelines on the Protection of Privacy and Transborder Flow of Personal Data.

3

The PDPA ensures a baseline standard of protection for personal data across the economy by complementing sector-specific legislative and regulatory frameworks.

4

Non-compliance with specific provisions under the PDPA may constitute an offense, for which a fine or a term of imprisonment may be imposed.

5

The Personal Data Protection Commission is empowered with broad discretion to issue remedial directions, initiate investigation inquiries, and impose fines for any intentional and negligent contravention of PDPA in form of either S$1 million or 10% of the organization’s annual turnover in Singapore for organizations with annual local turnover exceeding S$10 million, whichever is higher.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report

What's
New