Data protection and privacy—Singapore—Q&A guide
Data protection and privacy—Singapore—Q&A guide

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Data protection and privacy—Singapore—Q&A guide
  • 1. Summarise the legislative framework for the protection of personally identifiable information (PII). Does your jurisdiction have a dedicated data protection law? Is the data protection law in your jurisdiction based on any international instruments on privacy or data protection?
  • 2. Which authority is responsible for overseeing the data protection law? Describe the investigative powers of the authority.
  • 3. Are there legal obligations on the data protection authority to cooperate with other data protection authorities, or is there a mechanism to resolve different approaches?
  • 4. Can breaches of data protection law lead to administrative sanctions or orders, or criminal penalties? How would such breaches be handled?
  • 5. Does the data protection law cover all sectors and types of organisation or are some areas of activity outside its scope?
  • 6. Does the data protection law cover interception of communications, electronic marketing or monitoring and surveillance of individuals? If not, list other relevant laws in this regard.
  • 7. Identify any further laws or regulations that provide specific data protection rules for related areas.
  • 8. What forms of PII are covered by the law?
  • 9. Is the reach of the law limited to PII owners and processors of PII established or operating in the jurisdiction?
  • More...

This Practice Note contains a jurisdiction-specific Q&A guide to data protection and privacy in Singapore published as part of the Lexology Getting the Deal Through series by Law Business Research (published: May 2020).

Authors: Drew & Napier LLC—Lim Chong Kin

1. Summarise the legislative framework for the protection of personally identifiable information (PII). Does your jurisdiction have a dedicated data protection law? Is the data protection law in your jurisdiction based on any international instruments on privacy or data protection?

The main data protection legislation in Singapore is the Personal Data Protection Act 2012 (No. 26 of 2012) (PDPA).

The PDPA applies to all organisations that collect, use or disclose personal data in Singapore, regardless of whether they are formed or recognised under Singapore law or whether they are resident or have an office or place of business in Singapore unless one of the exceptions under section 4 of the PDPA applies.

On 2 January 2014, provisions relating to the Do-Not-Call (DNC) registry came into force; and the main data protection provisions under parts III to VI of the PDPA (Data Protection Provisions) came into effect on 2 July 2014. The Data Protection Provisions set out the obligations of organisations with respect to the collection, use, disclosure, access to, correction and care of personal data.

The PDPA also provides for the establishment of the Personal Data Protection Commission (PDPC), the

Popular documents