In the book “The Future is Faster Than You Think!”, the authors examine how the convergence of technologies is changing our lives faster than we can imagine. Consider these examples given in the book. In 2015, we have about 15 billion connected devices; by 2030, the number is projected to go up to 500 billion. And, how in less than two decades after the arrival of the internet, Google and Facebook together now command more advertising dollars than all the print media on the planet.

Are you ready for the future? The immediate future we face, unfortunately, must account for COVID-19. On a positive note, COVID-19 has been an impetus for many countries around the world to spur their digital transformation. In Singapore, digitalisation has been going on for some time, but with the pandemic, the Government will accelerate the process further by pledging a 30% increase in ICT spending this year (estimated total spending of $3.5 billion).

Indeed, we see that businesses with a strong online presence weathered the Circuit Breaker better. For businesses that have yet to come onboard, Government has launched various measures to make digitalisation more accessible amid COVID-19. For example, the “Stay Healthy, Go Digital” initiative by IMDA and Enterprise Singapore provides funding for businesses to build digital capabilities and covers costs for hardware, software, cybersecurity and so on. Now, therefore, is an opportune time to start thinking about how to better equip your business for the future.

As the future brings about increased digitalisation, innovation and growth can only happen alongside robust data management practices. The role of a DPO will correspondingly become increasingly important and multi-faceted. To remain relevant, a DPO’s role should evolve from being a gatekeeper, to actively helping your organisation embrace and harness the power of data. Have you prepared yourself to fulfil the role of the future-DPO? Our DPO Competency Framework and Training Roadmap sets out the skills a DPO should have in this regard. It is a unique approach in that we place equal emphasis on skills to manage data responsibly as well as skills that support your organisation’s innovation journey. This approach reflects our view of what an ideal DPO should be: a facilitator, advocate, and internal partner to business units who understands the value of data and customer trust. I encourage you to use the framework to assess your competencies and to undertake the relevant training to plug any gaps.

COVID-19 had created much uncertainty and bad news all round. As PDPC’s new Commissioner, I would like to take this opportunity to renew PDPC’s commitment that we will continue to foster an environment of trust and innovation amongst businesses and consumers. With this, we hope to help businesses build up the necessary resilience to meet the challenges the future may bring; COVID-19 and beyond. Let’s navigate the future together.

Singapore’s Review of the PDPA and its Opportunity for Leadership in the Region

International personal data protection regulations are as ever-changing as the growth and value of consumer data in our interconnected world. The law requires updates to reflect these new circumstances. As such, Singapore's PDPA is undergoing a comprehensive review since its enactment in 2012.

(Article contributed by BSA)

53rd Asia Pacific Privacy Authorities Forum

PDPC hosted the first virtual APPA Forum with a strong turnout by member authorities. The 3-day meeting saw intensified narrative on the governance challenges caused by COVID-19, progress in international data protection cooperation, and developments in the biometrics and AI space.

Announcements

	New Commissioner for Personal Data Protection Commission Mr Tan Kiat How has stepped down as the Chief Executive of Infocomm Media Development Authority (IMDA) and Commissioner of Personal Data Protection Commission (PDPC). Mr Lew Chuen Hong, previously Deputy Chief Executive (Development) of IMDA, has been appointed as the next Chief Executive of IMDA and Commissioner of PDPC.
	Public Consultation on Personal Data Protection (Amendment) The Ministry of Communications and Information (MCI) and the Personal Data Protection Commission (PDPC) launched an online public consultation on the proposed amendments to the Personal Data Protection Act (PDPA) and related amendments to the Spam Control Act (SCA). These proposed amendments aim to strengthen public trust, enhance business competitiveness, and provide greater organisational accountability and assurance to consumers, in support of Singapore’s Digital Economy.
	Singapore Now Recognises APEC CBPR and PRP Certifications Under PDPA The PDPC has amended the Personal Data Protection Regulations to recognise the Asia Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) System and Privacy Recognition for Processors (PRP) System certifications as one of the modes for transfers of data overseas. An overseas recipient that is CBPR- or PRP-certified is considered legally bound to provide comparable protection for the transferred personal data to the PDPA. Organisations in Singapore can thus easily transfer personal data to the overseas recipient without meeting additional requirements.
	Organisations Can Now Register Their DPO Information Via ACRA BizFile⁺ Under the PDPA, organisations are required to designate at least one individual as the organisation’s DPO, and making the DPO’s business contact information (BCI) publicly available. With effect from 28 March 2020, business entities registered with ACRA (including sole-proprietorships, partnerships, limited partnerships, limited liability partnerships and companies) can register and update their DPO's BCI via ACRA's BizFile⁺ portal using their CorpPass accounts.
	Advisory on Impersonation of PDPC Officers PDPC would like to alert the public to a variant of impersonation scams involving individuals pretending to be PDPC officers. Organisations and members of the public should be careful with revealing personal and confidential information (such as NRIC numbers or financial details) over the phone to unknown parties.

New Resources

Advisory Guidelines on Key Concepts in the Personal Data Protection Act

Chapter 19 has been revised to clarify that any recipient organisation holding a specified certification such as the Asia Pacific Economic Cooperation Cross Border Privacy Rules (CBPR) System or Privacy Recognition for Processors (PRP) System is taken to be bound by legally enforceable obligations to provide a standard of protection comparable to that under the PDPA.

Easy Data Transfers to APEC CBPR/PRP Certified Organisations

Quick overview guide for the transfer requirements.

Sample Clause for Data Transfers to APEC CBPR and PRP Certified Organisations

Singapore has developed a template contract clause that transferring organisations could include in their contract with recipients.

Events

Privacy Awareness Week 2020

21 to 27 Sep 2020

The PDPC is marking the fourth week of September 2020 as PAW in Singapore. This year, we look at the value of accountability and transparency in strengthening consumer trust in the burgeoning digital age. When organisations can be trusted with little, they will be entrusted with more.

Commission's Decisions

August 2020

●	Breach of the Protection Obligation by MCST 3400 MCST 3400 failed to put in place reasonable security arrangements to prevent the unauthorised access of 562 individuals’ personal data stored in an internal directory.

●

Breach of the Protection Obligation by MDIS Corporation

MDIS Corporation failed to put in place reasonable security arrangements to protect the personal data of individuals on its website. These individuals had provided their personal data to MDIS Corporation for registration purposes to attend its courses.

●	Breach of the Protection Obligation by CDP CDP failed to put in place reasonable security arrangements to prevent the unauthorised disclosure of individuals’ personal data. Mails sent by CDP were addressed to incorrect recipients.

Help and Resources for DPO

List of Data Protection Service Providers

A listing of information on DP consulting services, legal advisors for personal data protection, data protection training providers, data protection solutions, outsourced DPO functions service providers and cybersecurity services.

DPO Competency Framework & Training Roadmap

The Framework outlines the core competencies and proficiency levels for a DPO, and provides guidance on a viable career pathway.

Data Protection Notice Generator

A free-to-use tool for generating basic data protection template notices to help your organisation inform your stakeholders on how their personal data is managed.

If you want to reach out, please contact us online or call +65 6377 3131.