Three organisations were issued directions for breaching the PDPA.

SME Motor failed to make reasonable security arrangement to prevent the unauthorised disclosure of their customers' personal data and was issued directions to put in place a data protection policy and conduct training for staff.

A financial penalty of $20,000 was also imposed on Spize Concepts for failing to appoint a Data Protection Officer (DPO) and not making reasonable security arrangements to prevent the unauthorised disclosure of customer's personal data, among other breaches.

A financial penalty of $5,000 was also imposed on AgcDesign for failing to appoint a DPO and not having a data protection policy in place.

Access the Decisions here.