While organisations should generally rely on consent, or one of the applicable exceptions to share the data without consent, there may be circumstances where the sharing of data is not likely to have any adverse impact on the individuals, or where there is a need to protect legitimate interests and the benefits for the public (or a section thereof) outweigh any adverse impact to the individuals.
The PDPC is prepared to work with organisations to create regulatory sandboxes that will allow them to move faster, and at the same time, allow us to understand how our proposed changes to the PDPA might work in practice so that we can fine tune the details before we amend the PDPA.
Criteria for applications to the PDPC for organisations’ data sharing arrangements (DSAs) to be exempted from one or more obligations under the PDPA on a case-by-case basis:
Organisations that meet the criteria above can submit an application for exemption of a proposed DSA to the PDPC. Please refer to the Exemption Requests page or the Trusted Data Sharing Framework for more information.