What is Personal Data?
Under Personal Data Protection Singapore, “personal data” means data, whether true or not, about a customer who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access. These include but not limited to:
- Name
- National Residential Identity Card number
- Passport number
- Photograph or video image of an individual
- Mobile telephone number
- Personal email address
- Thumbprint
- Residential address
What is Personal Data Protection Act in Singapore?
In accordance with the Singapore Personal Data Protection (Amendment) Bill, organisations can be fined up to S$1 million or 10% of their annual Singapore’s revenue for not complying with the PDPA. Specifically, in accordance with the PDPA, all organisations must adhere to the Do-Not-Call Provisions and meet the following nine obligations:
Appointment of Data Protection Officer (DPO)
Under the PDPA, the appointment of a Data Protection Officer (the “DPO“) is mandatory when the company/organisation is collecting personal data in the course of carrying out its business operations. A DPO of your company can be one individual or a team (either an employee or externally appointed) to ensure its compliance with the PDPA. Primarily, the role of the DPO includes the following:
- Develop and implement processes and policies for the handling of personal data;
- Foster a data protection culture among employees and communicate personal data protection policies to stakeholders;
- Manage queries and complaints regarding your business’ protection of personal data;
- Alert management of any risks of data protection which may arise;
- Data breach management;
- Liaise with the Personal Data Protection Commission (PDPC) on data protection matters, where necessary
How InCorp can help
As an approved DPaaS@SMEs provider, we are able to assist you in the following key areas:
Data Protection Management | Data Breach Management | Training on Data Protection |
✓ Develop and implement policies and processes to fulfil statutory obligations stipulated by the Act ✓ Provide consultation service and recommendations to enhances clients’ compliance with PDPA ✓ Acting and assuming the role of the DPO of the Company |
✓ Develop and implement data breach management and response plan ✓ Establish measures to respond to a data breach and reporting of data breach |
✓ Conduct trainings, seminars and talks to the Company’s employees on PDPA and their respective responsibilities |
InCorp also offers the following services:
FAQs on Personal Data Protection
What personal data is protected by the PDPA?
- Personal data" means data, whether true or not, about a customer who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access. These include but not limited to: · Name · National Residential Identity Card number · Passport number · Photograph or video image of an individual · Mobile telephone number · Personal email address · Thumbprint · Residential addressThese personal data are covered in the PDPA and organisation must ensure it complies with the nine obligations set out in the PDPA if such data is being collected in their course of business.
- The Singapore Personal Data Protection Act 2012 (PDPA) is a law governing the collection, use and disclosure by all private entities of personal data. On 2nd July 2014, the Act came into full force.
- Yes. In Singapore, breach of data is taken as a serious offence, and organisations that do not comply with the PDPA can be fined up to S$1 million.
- To stay compliant with the PDPA, the organisation has to appoint a Data Protection Officer (DPO), either internally or externally, implement personal data protection policies and data protection management programme addressing potential data security risk and measures. The programme should cover data breach management system, provide an efficient response plan when an incident occurs and should clearly define the roles and responsibilities of the people in the organisation in relation to data protection.