Amendments to the Personal Data Protection Act

New amendments of the Personal Data Protection (Amendment) Act 2020 have come into effect, read our article to learn more.

Data Protection Act changes Singapore 

New changes which have come into effect

The Personal Data Protection Act is constantly being reviewed and built to cater to the fast-changing landscape of the digital economy, and ensure that Singapore’s personal data protection laws are aligned with international standards, such as the GDPR.

Below is a list of some of the amendments which have come into effect from 1 February 2021:

  • Mandatory breach notification
  • Accountability principle
  • Mishandling of personal data
  • Unsolicited messages
  • Voluntary undertakings
  • Alternative dispute resolution
  • Do Not Call breaches
  • Business improvement exception
  • Research & development exception
  • Legitimate interests exception
  • Contractual necessity

More information on the above can be found on the Personal Data Protection Commission website, in particular the revised guidelines on the enforcement of the data protection provisions. Our Data Protection experts at Hawksford can also help you navigate through the changes as required. 

Upcoming changes that are yet to take effect

Higher maximum financial penalties

Financial penalties that organisations may face for violations of the PDPA shall be increased to up to 10% of annual gross turnover in Singapore or S$1 million, whichever is higher.

The revision of financial penalties aligns the PDPA with similar penalty mechanisms in other jurisdictions, notably the EU, Australia and in other local laws such as the Competition Act.

Data portability

A new data portability obligation will allow individuals to request a copy of their personal data to be transmitted in a commonly used machine-readable format to another organisation, enabling consumers to switch to new service providers more easily.

How do these changes affect businesses? 

Organisations will need to adapt or change their approach to PDPA compliance and data protection in general to meet the new requirements and expectations of individuals, regulators and the community.

They will need to review existing company polices on consumer data, and strengthen the gaps where needed. Adjustments and coordination will also need to be carried out to manage data breach reporting policies and procedures.

How can Hawksford help?

Navigating the complexities of meeting your data obligations can be difficult, that’s why outsourcing your data protection requirements to a specialist provider, like Hawksford can help keep costs low, save time, and provide a peace of mind.

Our Data Protection Services

Regardless of the scale and size of your operations, Hawksford can take away the administrative burden so that you can focus on the most important factors which are relevant for your company’s growth and improvement.

Our services include:

  • Outsourcing of Data Protection Officer (“DPO”)
  • Template Policy and Procedures
  •  Staff Data Protection Training
  • Compliance Assessments DPO registration

Contact us to learn about the new and upcoming changes to ensure your company is compliant.

This material is intended for general information purposes only and does not constitute legal advice.

Outsource your data protection to Hawksford today.

We can help company be compliant in Singapore

speak to our experts