Enactment of the Personal Data Protection Act (PDPA) – the beginnings of personal data protection in Singapore.
Establishment of the Commission to administer the PDPA and onboarding of the first Data Protection Advisory Committee to provide invaluable advice.

Inaugural Personal Data Protection seminar to prepare businesses for the PDPA.
Reducing unwanted telemarketing messages with the launch of the Do Not Call (DNC) Registry and levelling up data protection with enforcement of the Data Protection Provisions.

Joint collaboration with Consumers Association of Singapore and Singapore Mediation Centre to provide mediation services for businesses and their customers.

Joined in Asia Pacific Economic Cooperation (APEC) Cross-border Privacy Enforcement Arrangement (CPEA), Asia Pacific Privacy Authorities (APPA) and Global Privacy Enforcement Network (GPEN) to enforce cross-border breaches, develop and improve policies.

Basic capability building for DPOs with PDPA E-Learning Programme and the Fundamentals of PDPA Training Course.
Raising awareness of data protection through APPA’s first Privacy Awareness Week (PAW) in Singapore.
Enforcement against the first set of data breaches.

Established ASEAN Framework on Personal Data Protection to promote and strengthen personal data protection in the region.

Hosted APPA 45th Forum in Singapore to exchange best practices on data protection among regulators.
Start of the review of the PDPA through public consultations.

Pivoted to an accountability approach and introduced Data Protection Management Programme and Data Protection Impact Assessments to guide businesses.

Simplified the data protection journey for SMEs with a suite of resources and tools:
  1. PDPA Assessment Tool for Organisations
  2. DP Notice Generator
  3. DP Starter Kit
  4. DP Advisory Services

AsiaDPO recognised as the first DP Community of Practice in Singapore.

First collaboration with strategic partners to conduct workshops for DPOs at PDP Seminar.

Set up DPO Registry.
Participated in APEC Cross-Border Privacy Rules (CBPR) System and Privacy Recognition for Processors (PRP) System.

Collaborated with International Association for Privacy Professionals (IAPP) to develop an advanced course that equips DPOs with practical data governance, knowledge and skills.
Collaboration with Competition and Consumer Commission of Singapore on a paper to discuss benefits and impacts of data portability requirement for business innovation, market competition and consumers.

Enhanced bilateral relationships with three Data Protection Authorities through MOU to enable cross-border data flows:
  1. Hong Kong’s Office of the Privacy Commissioner for Personal Data (PCPD)
  2. United Kingdom’s Information Commissioner’s Office
  3. Philippines’s National Privacy Commission

Collaboration with HK’s PCPD to develop the Data Protection by Design guide for businesses.

Developed the first comprehensive Trusted Data Sharing Framework to facilitate data sharing between organisations.

Establishment of Active Enforcement Framework to recognise businesses that have adopted accountable practices and helping businesses comply with data breach management best practices.

Introduction of Data Protection Trustmark and APEC CBPR and PRP systems certifications for businesses to increase their competitive advantage and build trust with their customers.

Co-led the ASEAN Data Protection and Privacy Forum.

Singapore’s work in AI Governance and Ethics won a top award at the World Summit on the Information Society Prizes, and includes PDPC’s Model AI Governance Framework.

Introduced Data Protection Officer (DPO) Competency Framework and Training Roadmap to guide DPOs in enhancing their competencies.

Transformed PDP Seminar into PDP Week to further capability building of DPOs.
Strengthening organisation accountability and supporting business innovation through the PDPA Amendments.

Collaboration with National Council of Social Service to build data management capabilities in the social services sector through Data Protection-as-a-Service (DPaaS).

Entered into Digital Economy Partnership Agreement (DEPA) with Chile and New Zealand, and the Singapore-Australia Digital Economy Agreement (SADEA) on data protection commitments.
Published the ASEAN Data Management Framework and Model Contractual Clauses for Cross Border Data Flows (MCCs) as key resources and tools for ASEAN businesses to utilise in their data-related business operations. PDPC also provided additional guidance to local companies who wish to utilise the MCCs in their business contracts. MCCs also won the World Summit on the Information Society (WSIS) award.

Helping SMEs make better use of data with the Better Data Driven Business (BDDB) programme.

Introduction of the DNC Application Programming Interface (API) to enable timely and seamless checks with the DNC Registry.

Helping SMEs guard against common data breaches with a suite of self-help IT resources.
Introduced Data Protection Essentials (DPE) to help SMEs acquire a basic level of data protection and security practices.

Development of A.I. Verify to enable businesses to be more transparent about their AI systems.

Supporting businesses’ digitalisation with guidance on personal data protection when using trending data technologies:
  1. Anonymisation
  2. Biometric
  3. Cloud
  4. Blockchain

Helping businesses mitigate risks when they use data or get into data partnerships with a Regulatory Sandbox for Privacy Enhancing Technologies (PET).

Shaping the path of success with partners and data protection professionals