Other Guides

The PDPC has published general guides for reference. They are:

  1. Guide to Notification (published on 11 Sep 2014)
    Information and examples on good practices which organisations may adopt when notifying individuals about personal data policies and practices.
  2. Guide to Securing Personal Data in Electronic Medium (updated on 20 January 2017)
    Information and examples on good practices which organisations may adopt to further secure electronic personal data. 
    Chapter 17 has been expanded to provide more guidance regarding the use of ready-made software.
  3. Guide to Managing Data Breaches (published on 8 May 2015)
    Information which organisations may consider when formulating their framework for managing and minimising data breaches.
  4. Guide on the Practice of Passing Magnetic Stripes of Payment Cards Through a Reader(published on 21 April 2016)
    Information which outlines the examples considered to be for the purpose of processing payment, and includes FAQs by the Association of Banks in Singapore on double-swiping.
  5. Guide to Handling Access Requests(published on 9 June 2016)
    Information and considerations for organisations in handling requests for access to personal data, including sample access request and acknowledgement forms.
  6. Guide on Data Protection Clauses for Agreements Relating to the Processing of Personal Data(published 20 July 2016) 
    Information, considerations and sample clauses for organisations when engaging vendors to provide services relating to the processing of personal data.
  7. Guide on Building Websites for SMEs (updated on 10 July 2018)
    Information which SMEs may consider when setting up websites that collect or store personal data and the considerations to be taken when outsourcing such works to IT vendors. 
    The section on IT Vendor's Responsibilities has been updated to include documentation requirements. Additional tips on passwords have also been added to the Access Control section.
  8. Guide to Disposal of Personal Data on Physical Medium (updated on 20 January 2017) 
    Information on the disposal of physical medium (largely paper) containing personal data and examples of the different ways of disposal which organisations may consider adopting. 
    Chapter 9 was updated on disposal chain control, and new examples added.
  9. Guide to Preventing Accidental Disclosure When Processing and Sending Personal Data (published 20 January 2017)
    Information to help organisations prevent data breaches relating to accidental disclosure of personal data when processing and sending data.
  10. Guide to Data Sharing (revised on 1 February 2018) 
    Information to help organisations determine whether they may share personal data and how to do so, including a framework for Data Sharing Arrangements (DSAs) to be exempted from certain Data Protection Provisions under the PDPA.
    The section on DSAs has been updated in line with the positions taken in PDPC's Response to the Public Consultation on Approaches to Managing Personal Data in the Digital Economy.
  11. Guide to Developing a Data Protection Management Programme (published on 1 November 2017) 
    Introduces a systematic framework to help organisations establish a robust personal data protection infrastructure.
  12. Guide to Data Protection Impact Assessments (published on 1 November 2017) 
    Introduces key principles and illustrations for conducting a Data Protection Impact Assessment, which is a process that identify, assess and address personal data protection risks.
  13. Guide to Basic Data Anonymisation Techniques (published on 25 January 2018)
    Information and examples on anonymisation concepts and techniques for personal data.
  14. Guide to Printing Processes for Organisations (published on 3 May 2018) *NEW*
    Information to assist organisations and print vendors to put in place adequate measures in their printing processes to protect personal data against unintended disclosure.

Last updated on 10 July 2018