PDPC · Data Protection

PDPA Compliance: What Every Business Must Know

Key obligations under Singapore's Personal Data Protection Act — from consent and DPO appointment to data breach notification and penalties.

Source: PDPC (Personal Data Protection Commission)

The Personal Data Protection Act (PDPA) governs the collection, use, disclosure and care of personal data by private sector organisations in Singapore. It applies to all businesses — regardless of size or industry — that handle any personal data of individuals. Non-compliance can result in financial penalties of up to S$1 million, or 10% of annual Singapore turnover for organisations with local turnover exceeding S$10 million.

Key Obligations

| Obligation | What It Requires |
| --- | --- |
| Consent | Obtain individuals' consent before collecting, using or disclosing their personal data |
| Purpose Limitation | Use data only for purposes communicated to the individual at the point of collection |
| Notification | Inform individuals of the purposes for data collection prior to or at the point of collection |
| Access & Correction | Allow individuals to access their data and request corrections |
| Protection | Implement reasonable security measures to protect data from unauthorised access or disclosure |
| Retention Limitation | Cease retention once data is no longer needed for its original purpose |
| Data Breach Notification | Notify PDPC and affected individuals within 3 calendar days of assessing a notifiable breach |
| Accountability (DPO) | Appoint a Data Protection Officer and make their business contact information publicly available |

"Through our affiliates, Integra Solutions provides end-to-end PDPA advisory — from policy drafting and DPO support to data protection impact assessments and breach response planning."
Integra Solutions — Advisory Services