A personal data breach refers to any unauthorised access, collection, use, disclosure, copying, modification or disposal of personal data. This can occur as a result of malicious activities, human error or system error. If your organisation had suffered a data breach incident, it should first assess whether the data breach is notifiable under the PDPA. Organisations do not need to report every breach to the PDPC. 

Organisations may use this self-assessment tool to assist with the determination of whether a data breach incident is notifiable. If you are unsure which answer to choose when utilising the self-assessment tool, we encourage you to err on the side of caution.

This self assessment tool is only a guide, and the result is not definitive in the assessment of any decision not to notify the PDPC. This self-assessment tool does not ask for any information that identifies you or your organisation. No information you enter is sent to us unless at the end of the self-assessment, you elect to go on to submit a data breach notification to us. Nothing you enter in this self-assessment or go on to submit to us is stored on our website.

Self-assessment tool