Is PDPA mandatory in Singapore?
It’s mandatory. All businesses, big or small, need a Data Protection Officer* (DPO). Someone who can develop and implement good policies and practices for handling personal data that meet your organisation’s needs. Someone who can communicate the policies and practices clearly to employees and customers.
Which are the new obligations introduced in the latest amendments to the PDPA?
The amendments take effect on 1 October 2021. These include minor clarifications to what constitutes significant harm for mandatory data breach reporting, defences for egregious mishandling of personal data and on ways organisations may provide the business contact information of their Data Protection Officers.
What is covered under PDPA Singapore?
The PDPA covers all electronic and non-electronic personal data, regardless of whether the personal data is true or false. You, too, have a responsibility to protect your own personal data. By being careful in managing your personal data, you can reduce the risks of misuse of your personal data.
What is the penalty for PDPA?
A financial penalty of $14,000 was imposed on Nature Society (Singapore) for breaches of the PDPA. First, the organisation failed to put in place reasonable measures to protect personal data on its website database.
Who is exempted from PDPA?
Any person or organisation (or any class of persons or organisations) may be granted exemption from all or any of the provisions of the PDPA with the approval of the Minister, by order published in the Gazette.
When was PDPA implemented in Singapore?
2 January 2013
The PDPA was passed by the Parliament of Singapore (‘the Parliament’) on 15 October 2012, and was implemented in three phases. The first phase of general provisions came into effect on 2 January 2013.
When did Personal Data Protection Act PDPA come into full effect in Singapore?
The Personal Data Protection Act (PDPA) is a data protection law enacted by the Parliament of Singapore on 15 October 2012. The Act came into full effect in July 2014 and was recently updated in November 2020.
What is not covered under PDPA?
Scope of the PDPA It generally does not apply to: Any individual acting on a personal or domestic basis. Any individual acting in his/her capacity as an employee with an organisation. Any public agency in relation to the collection, use or disclosure of personal data.
Does PDPA apply to deceased?
As the term “individual” includes both living and deceased individuals, the PDPA applies in respect of deceased individuals. However, as will be explained later, the PDPA applies to a limited extent in respect of the personal data of deceased individuals.
Can I sue for data breach?
If your company has a data breach on your network, your client may sue you if it causes harm to their business. And if your client suffers a data breach on their network, they may also hold you accountable.
What are the penalties for non compliance with the PDPA Singapore?
Non-compliance with certain PDPA’s Do Not Call provisions are a criminal offence and punishable upon conviction with a fine not exceeding USD 7,400 and/or imprisonment for a term not exceeding 3 years and, in the case of a continuing offence, to a further fine not exceeding USD 740 for every day or part thereof during …