What is Personal Data Protection?

1. What is Personal Data Protection Act (2012) (“PDPA”)?

• PDPA governs the collection, use and disclosure of personal data by organisations in a manner that recognises both the right of individuals to protect their personal data and the need of organisations to collect, use or disclose the data for reasonable purposes
• The Personal Data Protection Commission (PDPC) was established on 2 Jan 2013 to administer and enforce the Personal Data Protection Act (PDPA).
• Main authority in matters relating to personal data protection, representing the Singapore Government internationally on data protection related issues

2. What is Personal Data?

• “Personal data” refers to data about an individual who can be identified from that data; or from that data & other info that the organisation has or is likely to have access.

3. Who can be the DPO?

• Organisation can designate one or more individuals to be responsible for ensuring compliance with the PDPA
• DPO should ideally be:
  • A member of the senior management or have direct reporting line to senior management
  • Sufficiently skilled, knowledgeable and amply empowered to drive data protection policies and practices in the organisation

4. What are the responsibilities of a DPO

• Is the primary contact point for organization’s data protection matters
• Develop and implement
  • Policies and practices necessary for PDPA compliance
  • Data breach management plan to manage data breaches
  • Process to receive and respond to public complaints/concerns with the organization’s data protection policies and practices
• Provide staff training on organisation’s policies and practices
• Make information on data protection policies, practices and complaint process available on request

5. Must the DPO be a Singapore or Singapore Permanent Resident employee that is based in Singapore?

• The PDPA does not prescribe the nationality of a DPO and where he/she should be based. In addition, the DPO need not be an employee of the organisation.
• However, the DPO whose business contact information provided must be reachable whenever a member of the public in Singapore attempts to contact him, to be compliant with the PDPA requirements. For clarity, it is not mandatory to use a Singapore telephone number though you are strongly encouraged to do so to ease the communication process.

6. When is the deadline for filing DPO information on BizFile+?

• 30 September 2024

7. Who can register File DPO’s Information in Bizfile+?

• You need to be the Registered Officer on Corppass (i.e. Owner, Director, Corporate Secretary) to perform the transaction on behalf of the organisation.

8. Any penalty if Company do not register for DPO?

• DPO registration is voluntary and companies will not be fined for not registering their DPO. However, companies who do not register their DPO in the BizFile+ should ensure that the contact information of their DPO is made available to the public through other channels, as required under the PDPA.

9. More information

• For more information, you may refer to PDPC website (FAQ).

Disclaimer: This article is for informational purposes only and does not constitute any professional advice. Feel free to contact us to consult with our professional advisors team for personalized advice and guidance.

Sources:https://www.pdpc.gov.sg/overview-of-pdpa/the-legislation/personal-data-protection-act