Personal Data Protection Legislation Requirements in Singapore
Key Legislation
On 2 January 2013, the PDPC commenced its operations to administer and enforce the Personal Data Protection Act (“PDPA”) in Singapore. The PDPA is a data protection law that sets out standards governing the collection, use, disclosure and care of personal data.
The General Data Protection Regulation (“GDPR”) is a European Union (“EU”) legislation that sets out similar standards for organisations that process the personal data of EU natural persons (“Individuals”). The GDPR was approved by the EU Parliament in 14 April 2016 and expected to come into enforcement on 25th May 2018.
For more details on PDPA and GDPR, please refer to the Factsheet here.
On a related but separate note, click here to view our Privacy Notice that explains how our Group is managing your own data, as required by the GDPR.
Implications for Singapore Entities
All Singapore entities, including sole proprietorships, are now required to ensure compliance with the PDPA. This includes designating at least one person, a Data Protection Officer (“DPO”), to be responsible for ensuring that the entity complies with the PDPA.
The GDPR applies globally. Singapore entities that deal with the personal data of EU Individuals will need to ensure compliance with the GDPR.
It is essential that Singapore entities review their current data protection situation and appoint a DPO to ensure compliance with the PDPA and GDPR (if applicable).
Penalties
The maximum penalties for non-compliance with the regulations are harsh. In Singapore, a fine of up to SGD1 million, and/or imprisonment for up to 12 months, can be imposed for non-compliance with PDPA provisions.
Non-compliance with GDPR can result in administrative fines of up to EUR20 million, or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
How Vistra can help
The enactment of this legislation underlines the increasing global concern about the collection and control of the personal data of individuals. Companies that routinely process personal data for individuals, including staff, clients and other third-party individuals, should take steps to ensure compliance with the regulations.
Vistra has broadened its service offering to provide services to support compliance with the PDPA and GDPR. Details of the services are set out in the attached factsheet.
Please contact your usual Vistra representative or email [email protected] if you would like to enquire further about our data protection services.
The contents of this article are intended for informational purposes only. The article should not be relied on as legal or other professional advice. Neither Vistra Group Holding S.A. nor any of its group companies, subsidiaries or affiliates accept responsibility for any loss occasioned by actions taken or refrained from as a result of reading or otherwise consuming this article. For details, read our Legal and Regulatory notice at: https://www.vistra.com/notices . Copyright © 2024 by Vistra Group Holdings SA. All Rights Reserved.
