Advisory Guidelines on Key Concepts in the Personal Data Protection Act

The Advisory Guidelines for Key Concepts elaborates on and provides illustrations for the key obligations in the PDPA and interpretation of key terms in the PDPA. These assist in organisations and individuals’ general understanding of the PDPA.

The full document is available here.

Chapters Listing

  • Chapters 1-  2: Introduction and Overview
  • Chapters 3 - 9: Important Terms Used in the PDPA
  • Chapter 10: Overview of the Data Protection Provisions
  • Chapter 11: Applicability to Inbound Data Transfers
  • Chapter 12: The Consent Obligation
  • Chapter 13: The Purpose Limitation Obligation
  • Chapter 14: The Notification Obligation
  • Chapter 15: The Access and Correction Obligations
  • Chapter 16: The Accuracy Obligation
  • Chapter 17: The Protection Obligation
  • Chapter 18: The Retention Limitation Obligation
  • Chapter 19: The Transfer Limitation Obligation
  • Chapter 20: The Accountability Obligation
  • Chapters 21 - 23: Other Rights, Obligations and Uses

Revisions to Chapters 19 (updated 2 June 2020)

Chapter 19 has been revised to clarify that any recipient organisation holding a specified certification such as the Asia Pacific Economic Cooperation Cross Border Privacy Rules (CBPR) System or Privacy Recognition for Processors (PRP) System is taken to be bound by legally enforceable obligations to provide a standard of protection comparable to that under the PDPA.

Revisions to Chapters 6 and 15 (updated 9 October 2019)

Chapter 6 has been revised to provide clarity on the obligations of organisations and data intermediaries where personal data is transferred overseas. Chapter 15 has been revised to provide clarity on situations where organisations need not accede to an access request, the charging of fees, access requests relating to legal proceedings, and good practice of preserving personal data after rejecting an access request.