Singapore Parliament Increases Data Privacy Obligations of Organizations
Singapore’s data protection law, the Personal Data Protection Act 2012 (PDPA), took effect on January 2, 2013, and is enforced by the Personal Data Protection Commission (“the Commission”). Like the GDPR, the PDPA has an extraterritorial effect, meaning it applies to organizations collecting, using, or disclosing personal data of Singaporean residents regardless of whether the organization itself has a physical presence or is registered as a company in Singapore. Also like the GDPR, the PDPA requires that covered businesses appoint a data protection officer (DPO) who is responsible for the organization’s compliance with the PDPA.
On November 2, 2020, the Singapore Parliament passed several amendments to the PDPA aimed at “strengthening consumer trust through organizational accountability.” Like recent legislation in Brazil, California, and Canada, the amendments to the PDPA adopt several of the GDPR’s pro-consumer obligations, especially regarding data breaches. Parliament did not delay the enforcement of these new amendments, and we recommend businesses update their Singaporean programs immediately to comply with these new measures. read more