Enacted in 2012 as Singapore first’s data protection law, the Personal Data Protection Act (PDPA) governs the collection, use and disclosure of personal data by organisations in Singapore. To address the evolving needs of ­Singapore’s ­rapidly growing digital economy and the technological developments that pose significant challenges to earlier consent-based approaches to data protection, the PDPA ­underwent an extensive overhaul in this recent round of amendments (the Amendment), most of which took effect on 1 February 2021. Some changes from the Act have yet to come into force and will be introduced in phases, including increased financial penalties for breach of the PDPA, and a new right of data portability for individuals. The amendments have also been the subject of corresponding modifications in the Advisory Guidelines on Key Concepts of the PDPA by the Personal Data Protection Commission (PDPC, or Commission), and in practical guides and additional guidelines published by the Commission.