The Personal Data Protection Commission (PDPC) of Singapore has revised Chapter 6 (Organisations) and Chapter 15 (Access and Correction Obligations) of the Advisory Guidelines on Key Concepts in the Personal Data Protection Act, or PDPA (the Guidelines).
Chapter 6 has been revised to provide clarity on the obligations of organisations and data intermediaries where personal data is transferred overseas.
- Where an organisation engages a data intermediary to process personal data on its behalf and for its purposes, the organisation is responsible for complying with the Transfer Limitation Obligation, regardless of whether the personal data is transferred by the organisation to an overseas data intermediary, or transferred overseas by the data intermediary in Singapore.
- The onus is on the transferring organisation to undertake appropriate due diligence and obtain assurances when engaging a data intermediary to ensure it is capable of doing so.
Chapter 15 has been revised to provide clarity on access requests to personal data received by organisations. [read more]