'Most Innovative Startup 2020' by RSA - Watch the pitch video

View More

Singapore PDPA

Get Singapore PDPA compliant with the most comprehensive PrivacyOps platform.

Download the book today!

PrivacyOps - Automation & Orchestration for Privacy Compliance
Download Book
Available in PDF

Singapore’s Personal Data Protection Act (PDPA) comprises various provisions governing the collection, disclosure, use, and care of personal data. It recognizes the rights of individuals to have more control over their personal data and the needs of organizations to collect, use, or disclose personal data for legitimate and reasonable purposes.

There are two main sets of provisions in the PDPA; provisions related to ‘Data Protection’ govern the collection, use, and disclosure of individuals' personal data, and the provisions pertaining to Singapore’s national ‘Do Not Call Registry’ set out the organisation’s obligations in relation to sending marketing messages to Singapore's national phone numbers.

The Personal Data Protection Regulations 2014 (PDPR), issued under the PDPA, specifically lay down the data transfer out of Singapore requirements and the procedure for data access and/or correction requests from individuals.

 

The solution

SECURITI.ai enables organizations to comply with the Singapore PDPA regulations through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

securiti dashboard

SECURITI.ai supports enterprises in their journey toward compliance with the Thai PDPA through automation, enhanced data visibility, and identity linking

See how our comprehensive PrivacyOps platform helps you comply with various sections of PDPA


 

Customize a data subject rights request portal for seamless customer care

Simplify your DSR request format by building web forms customized for your brand image to accept verified data subject rights requests. Automate the initiation of fulfillment workflows when verified requests are received.

dsr portal
dsr handling

Automate data subject access request handling

PDPA Sections: 21, 22, Fifth Schedule, PDPR Part II

Data subjects need to be notified about their data privacy rights, and organizations are required to simplify the initiation of verified DSR requests. The automation of the delivery and generation of secure data access reports will significantly reduce the risk of compliance violations and reduce the workforce required to comply with all the requests.

Secure fulfillment of data access and port requests

PDPA Sections: 21, 22, Fifth Schedule, PDPR Part II

Organizations are required to disclose the information to the data subjects within a limited time frame of receiving a verifiable data request. This will be free of charge and delivered through a secure, centralized portal.

data access request
data rectify request

Automate processing of rectification requests

PDPA Sections: 21, 22, 23, Sixth Schedule, PDPR Part II

Seamlessly fulfill data rectification requests with the help of automated data subject verification workflows across all appearances of a subject’s personal data.

Automate objection and restriction of processing requests

PDPA Section: 16

Build a framework for objection and restriction of processing handling based on business requirements, with the help of collaborative centralized workflows.

processing request
personal data monitoring tracking

Continuous monitoring and tracking

PDPA Sections: 18, 19, 20, 24

Keep track of risks involved by continuously monitoring and scanning data against non-compliance to subject rights, security controls, or data residency. Surface new Personal Data categories, types, and data flow risks on a continuous basis.

Automate People Data Graph

PDPA Sections: 25, 12

Discover personal information stored across all your systems within the organization and link them back to a unique data subject. Visualize personal data sprawl and identify compliance risks.

personal information data linking
cookie consent

Meet cookie compliance

PDPA Sections: 13-17, 20(1), Second Schedule

Automatically scan the organization’s web properties and categorize tags and cookies. Also build customizable cookie banners, collect consent, and provide a preference center.

Monitor and track consent

PDPA Sections 13-17, Second Schedule, Third Schedule, Fourth Schedule

Track consent revocation of the data subjects to prevent the processing or transfer of data without their consent. Demonstrate consent compliance to regulators and data subjects.

consent preference management
Assess GDPR readiness

Assess PDPA readiness

PDPA Sections: 24, 11, 12

With the help of our multi-regulation, collaborative, readiness, and data protection impact assessment system, you can measure your organization's posture against PDPA requirements, identify the gaps, and address the risks. Seamlessly being able to expand assessment capabilities across your vendor ecosystem to maintain compliance against PDPA requirements.

Map data flows

PDPA Sections: 25, 12

Keep track of data flows in your organizations, trace this data, catalog the collection of data and transfer data, and document business process flows internally and to service providers or 3rd parties.

map data flows
manage vendor risk

Manage vendor risk

PDPA Sections: 11, 12, 24, 25, 26

Track, manage, and monitor privacy and security readiness for all your service providers from a single interface. Collaborate instantly, automate data requests and deletions, and manage all vendor contracts and compliance documents.

Breach Response Notification

Personal Data Protection Commission Guide to Managing Data Breach 2.0

Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.

breach response notification

Key data subject rights encoded within Singapore PDPA

Right to be informed/Access: Data subjects have the right to know what data has been collected and how that data is being processed. They can request to access and obtain a copy of their personal data from controllers. An organisation must notify the individual of the purpose(s) for which it intends to deal with an individual’s personal data.

Rectification: Data subjects have a right to request the rectification of their inaccurate data and have incomplete data stored about themselves completed.

Right to Object: Individuals may, at any time, withdraw any consent given under the PDPA in respect of the collection, use, or disclosure of their personal data for any purpose by an organisation.

Consent: Personal data cannot be processed without obtaining explicit consent from the data subject. An organisation must obtain the consent of the individual before collecting, using, or disclosing his personal data for a purpose.

Quick facts about Singapore PDPA

1

The PDPA covers personal data stored in electronic
and non-electronic forms. Anonymised' data
(where the data can no longer be used to identify the data subject)
does not come under the scope of the PDPA.

2

The PDPA was drafted keeping in reference laws from the EU, UK, Canada, Hong Kong, Australia and New Zealand, as well as the OECD Guidelines on the Protection of Privacy and Transborder Flow of Personal Data.

3

The PDPA ensures a baseline standard of protection for personal data across the economy by complementing sector-specific legislative and regulatory frameworks.

4

Non-compliance with specific provisions under the PDPA may constitute an offense, for which a fine or a term of imprisonment may be imposed.

5

The Personal Data Protection Commission is empowered with broad discretion to issue remedial directions, initiate investigation inquiries, and impose fines and penalties on the organisations in case of any non-compliance of PDPA.