Other Guides

The PDPC has published general guides for reference. They are:

  1. Guide to Notification (updated 26 September 2019) *NEW*
    Information and examples on good practices which organisations may adopt when notifying individuals about personal data protection policies and practices.
    Updated with a new chapter on key considerations in developing notifications and new examples, including dynamic consent and just-in-time notifications.
  2. Guide to Securing Personal Data in Electronic Medium (updated 20 January 2017)
    Information and examples on good practices which organisations may adopt to further secure electronic personal data. 
    Chapter 17 has been expanded to provide more guidance regarding the use of ready-made software.
  3. Guide on the Practice of Passing Magnetic Stripes of Payment Cards Through a Reader (published 21 April 2016)
    Information which outlines the examples considered to be for the purpose of processing payment, and includes FAQs by the Association of Banks in Singapore on double-swiping.
  4. Guide to Handling Access Requests (published 9 June 2016)
    Information and considerations for organisations in handling requests for access to personal data, including sample access request and acknowledgement forms.
  5. Guide on Data Protection Clauses for Agreements Relating to the Processing of Personal Data  (published 20 July 2016) 
    Information, considerations and sample clauses for organisations when engaging vendors to provide services relating to the processing of personal data.
  6. Guide on Building Websites for SMEs (updated 10 July 2018)
    Information which SMEs may consider when setting up websites that collect or store personal data and the considerations to be taken when outsourcing such works to IT vendors. 
    The section on IT Vendor's Responsibilities has been updated to include documentation requirements. Additional tips on passwords have also been added to the Access Control section.
  7. Guide to Disposal of Personal Data on Physical Medium (updated 20 January 2017) 
    Information on the disposal of physical medium (largely paper) containing personal data and examples of the different ways of disposal which organisations may consider adopting. 
    Chapter 9 was updated on disposal chain control, and new examples added.
  8. Guide to Preventing Accidental Disclosure When Processing and Sending Personal Data (published 20 January 2017)
    Information that highlights good practices for organisations that process and send physical documents or electronic communications containing personal data.
  9. Guide to Developing a Data Protection Management Programme (updated 15 July 2019)
    Introduces a systematic framework to help organisations establish a robust personal data protection infrastructure.
    Section 2.1 has been updated to highlight the role of senior management in corporate governance and organisational policies. New resources such as the Guide to Data Protection by Design for ICT systems have also been included as reference.
  10. Guide to Data Protection Impact Assessments (published 1 November 2017) 
    Introduces key principles and illustrations for conducting a Data Protection Impact Assessment, which is a process that identify, assess and address personal data protection risks.
  11. Guide to Basic Data Anonymisation Techniques (published 25 January 2018)
    Information and examples on anonymisation concepts and techniques for personal data.
  12. Guide to Printing Processes for Organisations (published 3 May 2018)
    Information to assist organisations and print vendors to put in place adequate measures in their printing processes to protect personal data against unintended disclosure.
  13. Technical Guide to Advisory Guidelines on the PDPA for NRIC and Other National Identification Numbers (updated 26 August 2019) *NEW*
    Information to provide organisations with tips for the replacement of national identification numbers as a way of identifying individuals in their websites and other public-facing computer systems.
    The guide has been updated with information on SG-Verify.
  14. Guide to Managing Data Breaches 2.0 (published 22 May 2019)
    Information which organisations may consider when formulating their framework for managing and minimising data breaches, including reporting to the PDPC.
  15. Guide on Active Enforcement (published 22 May 2019)
    Information on the PDPC's Active Enforcement Framework to shift organisations from compliance to accountability.
  16. Guide to Data Protection by Design for ICT Systems (published 31 May 2019)
    Introduces key principles and provides organisations with good practices for building systems that better protect personal data. Read up on the summary here.
  17. Guide to Accountability under the Personal Data Protection Act (published 15 July 2019)
    Introduces the concept of accountability in personal data protection and how organisations may demonstrate accountability.


Last updated on 26 September 2019