PDPA or “Personal Data Protection Act”

Is a personal data protection act effective on 2 July 2014. There are heavy penalties for not adhering to PDPA. Fine can be up to S$1 million and company may suffer reputational risk.

The Personal Data Protection Commission (PDPC) was established on 2 January 2013 to administer and enforce the PDPA.

The PDPC serves as Singapore’s main authority in matters relating to personal data protection and will represent the Singapore Government internationally on data protection related issues. The PDPC administers and enforces the PDPA to protect individuals’ personal data and the needs of organisations to use the data for legitimate purposes.

PDPC also formulates and implements policies relating to the protection of personal data, including the relevant regulations and Advisory Guidelines, to help organisations understand and comply with the PDPA. From time to time, PDPC will also review organisational actions in relation to data protection rules and issue decisions or directions for compliance where necessary.

In addition, the PDPC oversees the development and operation of the Do Not Call (DNC) Registry.