Advisory Guidelines on Key Concepts in the Personal Data Protection Act

The Advisory Guidelines for Key Concepts elaborate on and provide illustrations for the key obligations in the PDPA and interpretation of key terms in the PDPA. These assist in organisations and individuals’ general understanding of the PDPA.

The full document is available here. The annexes are available here: Annex A, Annex B and Annex C

Chapters Listing

  • Chapters 1-  2: Introduction and Overview
  • Chapters 3 - 9: Important Terms Used in the PDPA
  • Chapter 10: Overview of the Data Protection Provisions
  • Chapter 11: Applicability to Inbound Data Transfers
  • Chapter 12: The Consent Obligation
  • Chapter 13: The Purpose Limitation Obligation
  • Chapter 14: The Notification Obligation
  • Chapter 15: The Access and Correction Obligations
  • Chapter 16: The Accuracy Obligation
  • Chapter 17: The Protection Obligation
  • Chapter 18: The Retention Limitation Obligation
  • Chapter 19: The Transfer Limitation Obligation
  • Chapter 20: The Data Breach Notification Obligation
  • Chapter 21: The Accountability Obligation
  • Chapters 22 - 23: Offences affecting personal data and anonymised information
  • Chapters 24 - 26: Other Rights, Obligations and Uses
  • Annex A: Framework for the Collection, Use and Disclosure of Personal Data
  • Annex B: Assessment Checklist for Deemed Consent by Notification
  • Annex C: Assessment Checklist for Legitimate Interests Exception

Revisions to Advisory Guidelines (updated 1 February 2021)

The Advisory Guidelines have been updated to provide clarity on the amendments to the PDPA which came into force on 1 February 2021. These include amendments to the Consent Obligation, Data Breach Notification Obligation and offences for egregious mishandling of personal data.