In compliance with the Personal Data Protection Act 2012, an organisation must designate at least one DPO and the DPO’s contact information must be made available to the public.
Responsibilities of the DPO
The responsibilities of a DPO include, but are not limited to:
- Ensuring PDPA Compliance
- Fostering a Data Protection Culture
- Efficient Handling of Data Inquiries
- Alert Management on Personal Data Risks
- Liaise with PDPC when required
The DPO function may be a dedicated responsibility or added to an existing role in the organisation. The appointed DPO may also delegate certain responsibilities to other officers. Organisations with manpower constraints may outsource operational aspects of the DPO function to a service provider.
Register with PDPC
Register now to automatically be a part of the DPO community and gain access to:
- Free workshops and resources
- Latest updates on PDPA and best practices
- Exclusive networking events
- Insights on key trends for data breach prevention
ACRA Registered Entities
Register via BizFile+ with your Corppass
Non-ACRA Registered Entities
Register via our PDPC online form
For any queries, reach out to us via this contact form.
1. Is it mandatory to register my organisation’s DPO via BizFile+?
It is mandatory by law for organisations to appoint a DPO to be responsible for ensuring compliance with the PDPA and make the DPO’s business contact information available to the public. Registering your DPO via ACRA’s BizFile+ would satisfy this PDPA’s obligation, and we strongly encourage your organisation to take this necessary step.
2. Why do I need to register my organisation’s DPO via BizFile+ and not another channel?
BizFile+ is a one-stop portal that offers convenience for businesses to file their company’s information, including their DPO’s business contact information. As the public can access the information on any ACRA-registered business on BizFile+, registering your organisation’s DPO via this portal would satisfy the PDPA’s obligation of appointing a DPO and making the contact information available to the public.
3. If I have received an email to register my DPO with PDPC, is there a penalty for missing the stipulated deadline mentioned in the email?
While there is no penalty if you miss the deadline, we strongly encourage you to register your DPO via BizFile+ as soon as possible. PDPC may take action against organisations that cannot demonstrate compliance with the PDPA to appoint a DPO, including making the DPO’s business contact information available to the public.
4. What action(s) will PDPC take against my organisation if we failed to appoint a DPO?
The specific enforcement action(s) taken by the PDPC for an organisation’s failure to appoint a DPO will depend on the circumstances of the data breach incident, the organisation’s non-compliance with the PDPA and its response to rectify the situation. Enforcement outcomes could comprise Warnings, Directions or Financial Penalty. Therefore, it is crucial for organisations to comply with the requirement to appoint a DPO, as mandated by the PDPA, and ensure proper data protection governance.
5. How soon must I update the DPO information when there is a change of DPO appointment?
You are strongly encouraged to register your appointed DPO with PDPC as soon as possible. It is important to ensure that the DPO information is accurate and up-to-date, since the information will be publicly available and used by individuals to contact your DPO regarding data protection matters.