Singapore DP law amendments: Practical implications

Data breach notification becomes mandatory. By Grace Chen, privacy lawyer, and Dr Clarisse Girot of the Asian Business Law Institute in Singapore.

Enacted in 2012 as Singapore first’s data protection law, the Personal Data Protection Act (PDPA) governs the collection, use and disclosure of personal data by organisations in Singapore. To address the evolving needs of ­Singapore’s ­rapidly growing digital economy and the technological developments that pose significant challenges to earlier consent-based approaches to data protection, the PDPA ­underwent an extensive overhaul in this recent round of amendments (the Amendment), most of which took effect on 1 February 2021. Some changes from the Act have yet to come into force and will be introduced in phases, including increased financial penalties for breach of the PDPA, and a new right of data portability for individuals. The amendments have also been the subject of corresponding modifications in the Advisory Guidelines on Key Concepts of the PDPA by the Personal Data Protection Commission (PDPC, or Commission), and in practical guides and additional guidelines published by the Commission.

Continue reading

International Report subscribers and attendees from PL&B's New and updated privacy laws in Asia event please login to access the full article.

If you wish to subscribe please see our subscription information.