Data protection

Singapore releases new data protection guidelines

The Personal Data Protection Commission (PDPC) in Singapore introduced updated advisory guidelines to help companies stay in compliance with the Personal Data Protection Act (PDPA).

The Personal Data Protection Commission (PDPC) in Singapore introduced the Guide to Preventing Accidental Disclosure when Processing and Sending Personal Data, as well as updates to the three existing guides on January 20, 2017. 

The updates refer to the Guide to Securing Personal Data in Electronic Medium, Guide to Disposal of Personal Data on Physical Medium, and Guide on Building Websites for SMEs. In addition, the PDPC also released two enforcement decisions on January 25, 2017, relating to the breach of personal data protection obligations under the PDPA.

Strict financial penalties were imposed on the organizations in breach of PDPA regulations for their failure to prevent unauthorized access of individuals’ personal data stored online.

In one of the decisions, the PDPC also directed the organization to cease storage of documents containing personal data via its internal system until appropriate remedial actions have been completed. The PDPC’s willingness to enforce the PDPA sends a clear message to organizations in control of personal data, as well as data intermediaries, that the PDPC will take any breach of the data protection obligations seriously. 

Accordingly, organizations concerned about compliance with the PDPA should take action immediately to ensure compliance with their obligations under the PDPA.

More about the guides

The new Guide to Preventing Accidental Disclosure When Processing and Sending Personal Data aims to equip organizations with the knowledge to prevent accidental disclosure when processing and sending out personal data and includes recommendations on good practices that organizations should adopt.

Updates to the existing guides include the following:

  • The Guide to Securing Personal Data in Electronic Medium and Guide to Disposal of Personal Data on Physical Medium now provide new examples that further illustrate good practices in the handling of personal data for organizations.
  • The Guide to Disposal of Personal Data on Physical Medium now introduces new examples and has been updated with respect to disposal chain control.
  • The Guide to Securing Personal Data in Electronic Medium has been expanded to provide more guidance regarding the use of ready-made software.
  • The Guide on Building Websites for SMEs has been updated and now includes a section on the use of ready-made software that advises organizations to understand the features of the software and how it should be configured to handle personal data.