Singapore News - Personal Data Protection in Singapore - Duties and Obligations
During the last couple of weeks, most organizations registered / incorporated in Singapore received a letter from the Personal Data Protection Commission (please find a sample attached hereto) which once again highlighted that in accordance with the Personal Data Protection Act ("PDPA") all organizations (irrespective of size, legal form, etc.) are required to (i.) implement data protection policies and (ii.) appoint a so called data protection officer ("DPO").
The PDPC further recommends that such DPOs are available during Singapore business hours. Also, the contact details of the DPOs have to be made publicly available (most companies would publish the details on their homepage and also submit the details to the PDPC at www.pdpc.gov.sg/dpo-contact). Since DPOs do not necessarily need to be employed by the appointing organization, DPO services can also be outsourced.
Given the continued efforts of the Singapore government to inform organizations about their obligations under the PDPA, it is to be expected that the PDPA´s provisions will be strictly enforced. This is further emphasized by the weekly growing number of PDPC decisions against multiple organizations.
Organizations are therefore well advised to ensure compliance with the PDPA. Implementing the above mentioned policy and appointing the DPO would be the first steps towards this direction.
Luther LLP supports its clients in this regard comprehensively. We offer inter alia:
- DPO / DPO Nominee services;
- data protection policies;
- PDPA trainings; and
- PDPA audits.
Further details in this regard can be found in our attached personal data protection brochure.
If you should have any questions, please feel free to contact us anytime.
Pascal Brinkmann, LL.M. (Stellenbosch)