Cookies on Pinsent Masons website

This website uses cookies to allow us to see how the site is used. The cookies cannot identify you. If you continue to use this site we will assume that you are happy with this

If you want to use the sites without cookies or would like to know more, you can do that here.

Singapore data protection law will come into force on 2 January

Singapore's new Personal Data Protection Act (PDPA) will come into force on 2 January, the Ministry of Communications and Information (MCI) in Singapore has announced. It has named the makeup of the two supervisory bodies to oversee and advise on the Act.21 Dec 2012

The PDPA was passed by Singapore's parliament in October and governs the way that companies collect, use, disclose and process personal data. It does not apply to public bodies.

The MCI announced the membership of the Personal Data Protection Commission (PDPC), which will administer the PDPA, and the Data Protection Advisory Committee, which will advise on the law.

The PDPC will be responsible for promoting awareness of data protection and administering and enforcing the proposed law, the Singapore government has previously said.

The PDPC will be able to fine businesses up to SIN$100,000 for obstructing the performance of its duties. Businesses that falsify personal data records or information regarding the collection, use or disclosure of personal data will face fines of up to SIN$50,000.

Under the PDPA organisations will generally be required to obtain individuals' consent in order to collect, use or disclose their personal data, the government previously said. However, there are exceptions to the rule that allow organisations to legitimately carry out any of those activities without consent.

Collecting personal data without consent is legitimate if it is in the national interests, if it is in order to recover debts, to be used by the media for its news operations or to allow employers to manage the "employment relationship" with staff, among other examples.

Personal data can be used or disclosed without the consent of individuals for "research purposes" under certain conditions, according to one of the number of exceptions to the consent requirement rule.

The collection, use or disclosure of personal data must in all cases be "for purposes that a reasonable person would consider appropriate in the circumstances" and providing the individual to whom the information relates is informed about those purposes prior to the collection, use or disclosure taking place.

Data protection expert Rosemary Lee of Pinsent Masons MPillay, the Singapore joint law venture partner of Pinsent Masons, the law firm behind Out-Law.com, previously said http://www.out-law.com/en/articles/2012/october/new-data-protection-law-passed-by-singapore-parliament/ that multinationals setting up business or processing personal data on servers based in Singapore will be less affected by the costs of compliance than small and medium sized firms

"Small and medium enterprises however may face increased costs in ensuring their business practices and operations are compliant with the new data protection requirements, as well as uncertainty in determining the appropriate security arrangements to be implemented. The Personal Data Protection Commission will be issuing advisory and compliance guidelines which would assist organisations in working towards compliance during the sunrise period," she said.

Join My Out-Law

  • See only the content that matters to you
  • Tailor Out-Law to your exact needs
  • Save the most useful content for later reading
  • Tailor our weekly eNewsletter to your interests

Join My Out-Law

Already signed up to My Out-Law? Sign in

Expertise in Confidential Information

Ideas, techniques and know-how can lie at the heart of a business. Pinsent Masons' international intellectual property team is dedicated to helping you to protect those intangible valuables that help you to stand out from your competitors.

More about Confidential Information