Data Protection
In Singapore., all companies are required to comply with the Personal Data Protection Act (PDPA), which is enforced by the Personal Data Protection Commission (PDPC).
Data protection is thus important to businesses which collect, store, use and share personal information of their customers. Such businesses would include retail, restaurants, gyms, etc who serve the retail segment. Although business information is currently not covered under the PDPA, businesses who hold employee PII are also liable for breaches of their company information.
Businesses are expected to use PII only for the purposes where consent has been given and to provide adequate protection to prevent breaches of the data. PDPC has imposed fines for non-compliant behavior. It is thus important for businesses to demonstrate that they have implemented measures including having data protection procedures, staff training, reviewing of data sharing arrangements, and procedures on handling data breaches. Other controls would include anonymising data and having proper data retention periods.
Business which operate outside Singapore may also find themselves subject to external jurisdictional regulations such as
Japan has the Act on the Protection of Personal Information (APPI)
South Korea has the Personal Information Protection Act (PIPA)
India introduced the Personal Data Protection Bill
China has various data protection laws and regulations, including the Personal Information Protection Law (PIPL) which was passed in 2021
Hong Kong has the Personal Data (Privacy) Ordinance
Auditworkz has the necessary data privacy specialists to assist you in this area. Our staff have CIPP/E and CIPM certificates, and were previously the Data Protection Officers for Big Data organisations.
Useful Links: