Clym Logo

Personal Data Protection Act (PDPA) Singapore

Regulation Summary

  • October 15, 2012: Enactment of the PDPA.
  • July 2, 2014: Full enforcement of the PDPA.
  • February 1, 2021: Amendments to strengthen enforcement and introduce mandatory breach notifications.

  • All private sector organizations collecting, using, or disclosing personal data in Singapore.
  • Foreign businesses operating in Singapore or handling the data of Singaporean residents.
  • Excludes government agencies, public authorities, and individuals handling data for personal use.

  • Personal data collected for personal or domestic purposes.
  • Business contact information used solely for professional communications.
  • Data processed under national security or law enforcement purposes.

  • Obtain clear and informed consent before collecting personal data.
  • Ensure data is used only for specific, disclosed purposes.
  • Provide individuals with access to and the ability to correct their data.
  • Maintain reasonable security measures to protect against breaches.
  • Notify the PDPC and affected individuals of data breaches.
  • Ensure compliance for international data transfers.

  • Implement cookie consent mechanisms.
  • Maintain a clear and accessible privacy policy.
  • Secure online data collection and processing.
  • Provide users with easy access to opt-out and data control mechanisms.

  • Cross-Border Data Transfers: Companies must ensure data transfers provide comparable protection.
  • Privacy Impact Assessments: Required for high-risk processing activities.
  • Data Protection Officers (DPOs): Mandatory for organizations handling significant volumes of personal data.

  • Access: Request access to personal data held by an organization.
  • Correction: Rectify inaccurate or outdated personal information.
  • Withdrawal of Consent: Opt-out of data processing.
  • Objection: Restrict data use for specific purposes.

  • Regulatory Authority: Personal Data Protection Commission (PDPC).
  • Penalties: Fines up to SGD 1 million (~USD 740,000) or 10% of annual turnover for serious violations.
Book a demo