Follow us on:

fb linkedin youtube

While the principle of accountability is not new, we believe that our approach to accountability evolves this principle further. We have taken three perspectives: organisation’s, systemic and global.

Tan Kiat How
Commissioner, PDPC

Being Accountable to Stakeholders

The Law Society of Singapore shares ten useful tips on the approach organisations can undertake to foster a culture of accountability in the protection of personal data.

Read More

Boosting Client Confidence with DPTM

As a data intermediary managing millions of customer records on behalf of shopping malls, iColumn welcomes certification as a way of assuring clients that the personal data under its care is responsibly managed and safeguarded.

Read More



MoU with Philippines’ National Privacy Commission (NPC)

PDPC signed a Memorandum of Understanding (MoU) with Philippines’ National Privacy Commission. It forms the basis of the working relationship between the two Commissions going forward in matters of mutual regulatory interests.


Reminder on NRIC Advisory Guidelines Compliance

Organisations must not collect NRIC and other national identification numbers, unless required by law, or necessary to establish, or verify an individual’s identity to a high degree of accuracy.


PDP Digest 2019

The past year has seen various significant global developments aimed at improving the protection of personal data, safeguarding trust and promoting accountability. Besides featuring recent decisions issued by the PDPC and case summaries, this third volume of the PDP Digest also include articles on GDPR coming into force in the EU, ASEAN Digital Data Governance Framework endorsed by member states, and Singapore becoming the sixth APEC economy to participate in the APEC CBPR and PRP systems.


DPO Competency Framework & Training Roadmap

This Framework helps organisations understand the different job functions so as to hire the right DPO, and consider building up data innovation-related competencies of their data protection (DP) professionals. For a DP professional, the Framework provides a clear career path, identifies competency gaps and points out relevant training courses to plug the gaps.


APEC CBPR/PRP Certification Open for Application

IMDA has been appointed as Singapore’s Accountability Agent for APEC Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Systems certifications. These certifications allow more seamless flow of personal data within the APEC region while respecting privacy and security.


Guide to Accountability

A “check-box” compliance approach towards the handling of personal data is increasingly impractical and insufficient to keep pace with developments in data processing activities. A shift from a compliance-based approach to an accountability-based approach has become more important.


Revised Advisory Guidelines on Key Concepts in the PDPA

The “Openness Obligation” has been updated to “Accountability Obligation” in PDPC’s advisory guidelines, providing clarity on its interpretation in relation to Sections 11 and 12 of the PDPA.

New Resources


Notices for Entry into Commercial and Residential Buildings

Template notices that clarify PDPC’s position on verification and collection of NRIC numbers which commercial and residential buildings can put up for visitor management.

Commission's Decisions

Sep 2019
Breach of the Accountability Obligation by Executive Link Services

A financial penalty of $5,000 was imposed on Executive Link Services for breaches of the PDPA. The organisation failed to appoint a data protection officer and did not have written policies and practices necessary to ensure its compliance with the PDPA.

Breach of the Protection Obligation by Friends Provident International

A warning was issued to Friends Provident International for failing to protect the personal data of its policyholders from unauthorised disclosure via its online portal.

Breach of the Protection, Retention and Accountability Obligations by O2 Advertising

Directions, including a financial penalty of $10,000, were imposed on O2 Advertising for breaches of the PDPA. The organisation failed to put in place reasonable measures to protect individuals’ personal data collected from an advertising campaign and did not cease retention of such data when it was no longer required. The organisation was also directed to appoint a data protection officer and put in place data protection policies and practices.

Read more Commission's Decisions here

Help and Resources for DPO

PDPA Assessment Tool for Organisations

Use the free online self-assessment tool to gauge your organisation’s level of compliance with the PDPA.

Data Protection Notice Generator

A free-to-use tool for generating basic data protection template notices to help organisations inform their stakeholders on how it manages their personal data.

Data Protection Advisory Services

Kick-start your organisation’s DP practices using resources such as sample forms, clauses and communication materials that are easy to implement.


If you want to reach out, please contact us online or call +65 6377 3131.

To unsubscribe, click here