Follow us on:

fb linkedin youtube instagram telegram

PDPC is committed to supporting businesses in their data protection journey. We understand the challenges of running a business and taking care of data protection at the same time, which is why the Data Protection Essentials (DPE) programme was recently launched to make it easier for businesses to implement security and data protection measures to minimise the pitfalls of data breaches. Together, we can make Singapore a trusted digital hub where businesses thrive.

Privacy Awareness Week 2022

At the Singapore’s Privacy Awareness Week 2022, local and international speakers came together to share insights on how businesses can make the best use of customer data while keeping it secure. Learn more about the summarised key initiatives that can help your business here.

Helping businesses harness the expertise of experienced CTOs

IMDA’s Chief Technology Officer-as-a-Service initiative offers SMEs access to a pool of experienced digital consultants, a one-stop platform packed with easy-to-use resources and a digital assessment to identify relevant solutions.
(Published in IMDA's IMPact News, 31 March 2022)


ATxAI Conference 2022 on 1 June

Organised by IMDA & PDPC, Singapore's ATxAI 2022 convenes visionaries and policy makers in panel discussions on AI. Well-known experts from Google, IBM, OECD, Salesforce, SEA Group, Sony AI and WEF will share insights, trends and implications of using AI for businesses and policy making. Learn about successful implementations of trustworthy AI from an industry showcase. Register now.

Data Protection Essentials (DPE) Programme

The new Data Protection Essentials (DPE) programme supports Small and Medium Enterprises (SMEs) in acquiring a baseline level of data protection and security practices to protect their customers’ personal data and recover quickly in the event of a data breach. Find out about how DPE would benefit your organisation.

New Resources

Advisory Guidelines on the Personal Data Protection Act for Selected Topics

The Advisory Guidelines for Selected Topics highlights how the PDPA applies to particular issues and domains such as analytics and research, online activities and cloud services. The section on Closed-Circuit Television Cameras (CCTVs) under chapter on Photography, Video and Audio Recordings has been updated to provide more clarity to companies on the requirements for handling personal data captured through CCTVs.

Advisory Guidelines on Key Concepts in the Personal Data Protection Act

The Advisory Guidelines for Key Concepts elaborate on and provide illustrations for the key obligations in PDPA. The section on "Access that may reveal personal data about another individual" has been updated to provide clarity through provision of more examples.

Advisory Guidelines for Management Corporations

These Advisory Guidelines clarify how the Data Protection Provisions in the PDPA apply to MCSTs’ collection, use and disclosure of personal data, as well as suggest good data protection practices in certain scenarios. It has been updated to take into account the amendments to the PDPA and Personal Data Protection Regulations which came into force on 1 February 2021, and to align with the Guide on Responsible Use of Biometric Data in Security Applications in respect of CCTV usage.

Guide to Basic Anonymisation

Anonymisation is one easy way to reduce potential data breaches. Learn to perform basic anonymisation and de-identification of various datasets through a simple 5-step anonymisation process with the PDPC’s guide.

Guide on the Responsible Use of Biometric Data in Security Applications

The PDPC has published a new guide that highlights the responsible use of commercial security applications such as security cameras, facial and fingerprint recognition systems to safeguard individuals’ biometric data where it is collected, used or disclosed.

Commission's Decisions

May 2022
Breach of the Protection by Lovebonito

A financial penalty of $24,000 was imposed on Lovebonito for failing to put in place reasonable security to protect personal data in its possession. The incident resulted in the personal data being accessed and exfiltrated.

Breach of the Accountability and Protection Obligations by PINC Interactive

A financial penalty of $12,500 was imposed on PINC for failing to put in place reasonable security arrangements to protect the personal data in its possession. Directions were also issued to PINC to develop and implement internal data protection policies and practices to comply with the PDPA and to ensure no copies of database were stored on employees' personal computers.

Breach of Protection Obligation by Southaven Boutique

A financial penalty of $2,000 was imposed on Southaven Boutique for failing to put in place reasonable security arrangement to prevent the unauthorised access of its customers' personal data in its Point-Of-Sale system server. An application for reconsideration was filed against the Decision Re Southaven Boutique Pte Ltd. Upon review and careful consideration of the application, direction in the Decision was varied and the financial penalty imposed was reduced.

Breach of the Transfer Limitation Obligation by Toll Logistics (Asia) and others

Warnings were issued to Toll Logistics (Asia), Toll Global Forwarding, Toll Offshore Petroleum Services, and Toll (TZ) for breaches of the PDPA in relation to the transfer of employees’ personal data to a human resources software vendor in Ireland.

Read more Commission's Decisions here

Help and Resources for DPO

Resources for organisations to develop good data protection practices in their ICT system and processes to improve their cybersecurity resilience as well as capabilities in data breach prevention.
Designed with built-in data protection practices, the BI tool is a user-friendly tool that helps businesses convert data into visual dashboards to address five common business objectives.
Complementing the BI tool, the Interactive Guide offers a useful step-by-step guide on learning how to use data to make better business decisions.