The Personal Data Protection Act 2012 (PDPA) governs the collection, use and disclosure of personal data. The PDPA was passed by Parliament in October 2012 and was progressively enforced in several stages from January 2013 till July 2014.
The PDPA recognizes both:
Personal data refers to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organization has or is likely to have access.
Examples of personal data that can on its own, or when made available together, identify an individual include:
Note that the PDPA’s disclosure and protection provisions protect the personal data of deceased individuals for up to 10 years.
The PDPA does not apply to the following categories of personal data:
The PDPA applies to organizations in respect of the collection, use and disclosure of personal data in Singapore. There are, however, certain parties that do not need to comply with these obligations.
Natural persons:
Employees acting in the course of their employment will have to adhere to their organisation’s policies for ensuring the organisation’s compliance with the PDPA. They themselves will not be held personally liable for breaching the PDPA as a result of actions carried out on their organisation’s instructions.
Entities:
Public agencies are not governed by the PDPA because there are fundamental differences in how the public sector operates compared to the private sector. They have to comply with Government Instruction Manuals and the Public Sector (Governance) Act (PSGA). Collectively, these provide higher standards of data protection compared to the PDPA.
Note that organisations which are data intermediaries are partially excluded from these obligations. Only the Protection and Retention Limitation Obligations apply. A “data intermediary” is defined as an organisation that processes personal data on behalf of another organisation.
Processing includes: