Follow us on:

fb linkedin youtube

Trust is earned when consumers are assured that their personal data is used responsibly by accountable organisations.

Michelle Yap,
Assistant Commissioner, PDPC

Navigating the Road Ahead: Insights into the Policy Rationale of the PDP (Amendment) Bill 2020

The recent developments provide us with a number of insights into the policy thinking that underlies the amendments to the PDPA in the Bill. In this article, we focus on 4 significant provisions in the Bill which have been clarified in the Closing Note.
(Article contributed by Data Protection, Privacy & Cybersecurity Practice, Drew & Napier LLC)


Amendments to the Personal Data Protection Act and Spam Control Act Passed

The proposed amendments to the PDPA to address Singapore’s evolving digital economy needs, and related amendments to the Spam Control Act (SCA), were passed in Parliament on 2 November 2020.

Closing Note to Public Consultation on Personal Data Protection (Amendment) Bill

The Ministry of Communications and Information (MCI) and the PDPC issued a closing note to the public consultation on the Personal Data Protection (Amendment) Bill.

Building Data Management Capabilities in the Social Services Sector

The Infocomm Media Development Authority (IMDA) and the PDPC collaborated with National Council of Social Service (NCSS) to build data management capabilities in the social services sector through Data Protection-as-a-Service (DPaaS).

DPaaS is an alternative for organisations to outsource their data protection functions. Organisations may approach any of the listed providers who are registered with IMDA.

New Resources

Draft Advisory Guidelines on Key Provisions of the Personal Data Protection (Amendment) Bill Now Available

The PDPC has issued the draft Advisory Guidelines which provide the PDPC’s clarification on key provisions in the Bill. These are not meant to exhaustively cover all the amendments in the PDPA and will be finalised and issued when the amendments to the PDPA come into effect.

Guide on Managing Data Intermediaries Now Available

The PDPC has published a new guide that highlights the relevant obligations under the PDPA and key considerations for organisations when outsourcing data processing activities to data intermediaries. The guide looks into the aspects of governance and risk assessment, policies and practices, service management and exit management.

Compendium of AI Use Cases Volume 2 Now Available

The IMDA and PDPC have published a second volume containing new use cases that illustrate how organisations have implemented or aligned their AI governance practices with the Model AI governance Framework.

The Compendium showcases how AI Singapore, City of Darwin (Australia), Google, Microsoft and Taiger, have benefited from the use of responsible AI in their line of work.


Webinar - Building Consumer Trust with Accountable Data Protection and Cybersecurity Practices

8 Dec 2020

Organised by Enterprise Singapore, this webinar helps you understand how the Data Protection Trustmark (DPTM) certification and adopting an accountability approach can help enhance your business’ data management capabilities and strengthen consumer trust. Learn how standards such as ISO 27001 can help your business effectively manage and overcome cybersecurity challenges.

Commission's Decisions

November 2020
Breach of the Protection Obligation by Novelship

Novelship failed to put in place reasonable security arrangements to protect the personal data collected from its sellers from unauthorised access on its website.

Breach of the Protection and Retention Limitation Obligations by Worksmartly

Worksmartly failed to put in place reasonable security arrangements to protect the personal data of its client’s employees. It was also found to be retaining personal data which was no longer necessary for legal or business purposes.

Breach of the Protection and Retention Limitation Obligations by Times Software, Breach of the Protection Obligation by Dentons and TMF

Times Software, a data intermediary, failed to make reasonable security arrangements to prevent the unauthorised disclosure of employees' personal data belonging to its clients, and retained personal data which was no longer necessary for legal or business purposes. Separately, Dentons and TMF were each issued a warning for failing to put in place reasonable security arrangements with Times Software to prevent unauthorised disclosure of their employees' personal data.

Read more Commission's Decisions here

Help and Resources for DPO

A listing of information on DP consulting services, legal advisors for personal data protection, data protection training providers, data protection solutions, outsourced DPO functions service providers and cybersecurity services.
Use the free online self-assessment tool to gauge your organisation’s level of compliance with the PDPA.
A free-to-use tool for generating basic data protection template notices to help your organisation inform your stakeholders on how their personal data is managed.