New Undertakings on 2 October 2025
02 Oct 2025
This month, the Commission has issued two Undertakings.
The Undertakings address gaps in data protection practices, including inadequate cybersecurity measures, lack of appointed Data Protection Officers, and improper disclosure of personal data in public communications.
To improve compliance with the PDPA, the organisations involved have committed to measures such as:
- Appointing and registering Data Protection Officers, and establishing data protection policies and incident response plans
- Implementing necessary cybersecurity measures to protect personal data, such as ensuring that the latest software updates are installed in devices and systems
- Ensuring personal data is not disclosed without consent when responding publicly, and taking appropriate measures to ensure compliance with PDPA obligations for at least six months
The PDPC has accepted these Undertakings after considering the nature of the incidents, the types of personal data involved, and the remedial steps done and committed by the organisations.
Access the Undertakings here.