Practical Guidance Provided by PDPC

The PDPC provides Practical Guidance to organisations that seek clarity on the application of the PDPA under specific situations. The guidance promotes greater understanding of the personal data protection provisions in relation to the PDPA. Practical Guidance will usually be published on PDPC’s website with the name of the organisation and any information specific or confidential to the organisation redacted.



25 Aug 2016

What is considered “impracticable” when seeking consent of individuals under the research exception, and use of anonymised data within an organisation

Guidance on factors that are relevant in assessing what is “impracticable” under paragraph 2(b) of the Third Schedule to the PDPA, and clarification on the use of anonymised data in circumstances where the “key” to re-identification resides with another department within the organisation.This document incorporates both the Practical Guidance, as well as the subsequent clarification provided on the Practical Guidance to the Medical Research Institution.

28 Dec 2015

Whether randomly generated numbers are considered personal data

Guidance on the application of the Data Protection and Do Not Call Provisions under the PDPA to the use of randomly generated 8-digit numbers to send SMS marketing messages.

18 Dec 2015

Whether research conducted for government agencies is considered “clearly in the public interest” under the research exception

Guidance on whether research conducted for the government agencies such as Ministries and statutory boards would be considered research that is “clearly in the public interest” under paragraph 2(d) of the Third Schedule and paragraph 4(d) of the Fourth Schedule.

17 Jun 2014

Applicability of the credit bureau exception to credit bureau operations and services

Clarification on the applicability of the credit bureau exception to the organisation’s operations and services provided, and guidance on the handling of personal data and measures the organisation may take to better ensure compliance with its obligations under the PDPA.

18 Apr 2014

Methods of communication in the course of providing services and adequacy of IT security arrangements

Guidance on whether the institution’s proposed methods of communication with various persons comply with the DNC provisions under the PDPA, and whether the institution’s proposed IT security arrangements are adequate under the PDPA.

Last updated on 25 Aug 2016