Follow us on:

fb linkedin youtube

As a regulator and a steward of trust, it’s important for PDPC to provide a stable environment that tries to find a balance between providing protection for consumers, and at the same time enabling businesses to drive economic innovation and growth with data.

Adapting Your Business Processes to the PDPA Changes

 
Learn how RSM Singapore reviews its business processes in preparation for the changes in the Personal Data Protection Act (PDPA) with an objective to obtain a qualitative assessment to help understand the risks and the impact on its organisation. RSM Singapore also shares its client’s experience through this journey and sheds light on how your own organisation can do the same too. 
 
(Article contributed by RSM Singapore)

Announcements

Amendments to the PDPA Take Effect From 1 February 2021

The enhanced PDPA and accompanying Regulations will take effect in phases from 1 February 2021. The amendments will strengthen organisational accountability and consumer protection while giving organisations the confidence to harness personal data for innovation.

Launch of the ASEAN Data Management Framework and Model Contractual Clauses on Cross Border Data Flows

The 1st ASEAN Digital Ministers’ Meeting (ADGMIN) approved the ASEAN Data Management Framework and a set of model contractual clauses to aid businesses with cross border data flows. The PDPC has also developed additional guidance for companies in Singapore that wish to utilise the model contractual clauses in their business contracts.

New DPAC Members Appointed in 2021

Eight new members from various sectors have been appointed to the Data Protection Advisory Committee (DPAC). They will complement 11 existing members by providing perspectives from the different sectors they come from. The DPAC advises the PDPC on matters relating to areas of policy guidance, as well as the review of key policy and enforcement issues under the PDPA.

New Resources

Advisory Guidelines on Key Concepts in the PDPA

The Advisory Guidelines have been updated to provide clarity on the amendments to the PDPA, which include amendments to the Consent Obligation, Data Breach Notification Obligation and offences for egregious mishandling of personal data.

Advisory Guidelines on the Do Not Call Provisions

The Advisory Guidelines have been updated to provide clarity on the amendments to the PDPA, which include prohibitions relating to the use of dictionary attacks and address-harvesting software, and requirements on third-party DNC checkers.

Advisory Guidelines on Enforcement of Data Protection Provisions

The Advisory Guidelines have been updated to provide clarity on the amendments to the PDPA, which include amendments relating to the Commission’s power to accept voluntary undertakings as part of its enforcement regime.

A Guide to Job Redesign in the Age of AI

This guide provides an industry-agnostic and practical approach to help companies manage AI's impact on employees, and for organisations that are adopting AI to prepare themselves for the digital future.

Commission's Decisions

January 2021
Breach of the Protection Obligation by BLS International Services Singapore

BLS International Services Singapore failed to put in place reasonable security arrangements to prevent the unauthorised disclosure of the personal data of individuals who had submitted a booking for an appointment on its website.

Breach of the Protection Obligation by The Future of Cooking

The Future of Cooking failed to put in place reasonable security arrangements to prevent the unauthorised disclosure of its customers’ personal data on its website.

No Breach of the Transfer Limitation Obligation by Singapore Technologies Engineering

Singapore Technologies Engineering was found not in breach of the PDPA in relation to the transfer of the personal data of its Singapore-based employees to its subsidiaries based in United States.

Read more Commission's Decisions here

Help and Resources for DPO

Key resources that are relevant to data protection professionals throughout the different stages of the data protection journey.
 
 
 
A listing of information on Data Protection-as-a-Service (DPaaS), legal advisors for personal data protection, data protection training providers, data protection digital tools, and cyber security services.
 
The Framework outlines the core competencies and proficiency levels for a DPO, and provides guidance on a viable career pathway.