Importance of Information Privacy Compliance in Singapore

Article by Tsaaro

October 27, 2021

7 min read

Introduction

Worries about information privacy are expanding every day. With the expanding online businesses, the developing utilisation of web-based media, and as more and more people utilise the web for everything from recording their duties to venting about their managers, there is a lot of individual data that dwells outside the client’s secured area. Governments and administrative specialists are finding ways to control the utilisation of individual data and bring some form of protection to the people.

What are laws regulating Information Privacy in Singapore?

The Personal Data Protection Act (PDPA) is the privacy law of Singapore. It is even older than the European Union’s General Data Protection Regulation (GDPR) and has been active since 2014. The basic principles of both the PDPA and GDPR are similar.

What is the PDPA?

The PDPA is a set of data protection laws in Singapore. It incorporates sector-specific frameworks such as the Banking Act or the Insurance Act. The PDPA is a very balanced law, it knows the value of customer data and at the same time understands the need of organisations to collect some of this data. PDPA tries to regulate and ensure that the data being collected is for reasonable uses only and not in excess to hinder one’s privacy.

What is PDPA not applicable on?

PDPA covers personal data in both electronic and non-electronic formats.

Normally it is not applicable on the following:

Individuals acting on a personal/domestic basis.
Individuals acting on their own as employees of an organisation.
Public bodies in the tasks of collecting or disclosing personal data.
Business contact information such as name, title, position, fax number, business address etc.

How can you ensure compliance?

Organisations need to appoint a Data Protection Officer.
Companies must notify individuals and seek their consent for data collection.
Companies are bound to respond when someone asks about their personal data.
Companies have to allow correction and emission of data on their request.
Make sure that the data is stored securely.
Ensure that your organisation deletes the data when it is not required anymore.
If the data is being transferred overseas then make sure that it is done through a secure channel.
Keep a track on the data processors of your organisation.
Check and maintain the Do not Call registry.
Communicate any changes in data protection policies and any other practices.

What happens if you don’t comply with PDPA?

PDPA has offences categorised as knowingly or unknowingly disclosing personal data, using somebody else’s data for your profit, and identifying anonymised data. A maximum fine of 5000 SGD combined with imprisonment of up to 2 years can be given in the cases of non-compliance based on the severity of the act.

Conclusion

Associations are needed to conform to the different information insurance commitments in the event that they embrace exercises identifying with the assortment, use or exposure of individual information. Look further into the commitments here. The PDPA perceives both the need to ensure people’s very own information and the need of associations to gather, utilise or unveil individual information for genuine and sensible purposes.