Singapore’s Take on the GDPR
The country has approved an amendment to its landmark Personal Data Protection Act
Singapore has passed a comprehensive amendment to the 2012 Personal Data Protection Act (PDPA). Companies in the country are now allowed to use personal data without consent for certain purposes. This may sound like a free-for-all (especially compared to the GDPR), but the amendment includes a list of guidelines that shift a considerable amount of responsibility to companies. They must perform risk assessments, give consumers opt-out periods, and follow a slew of other directives. Choosing not to comply will lead to immense fines. Singapore’s version of the GDPR serves its purpose well: it is a compromise between a small country and large companies.
Find a brief breakdown of the amendment below:
When can personal data be used?
- For business improvement purposes
- For research and development purposes
- For instances in the legitimate interests of an organization or another person
- For instances of contractual necessity
What are the consequences of noncompliance?
Companies will face increased financial penalties for violating the PDPA.
- Companies bringing in more than S$10 million annually will be subject to fines of up to 10% of their turnover
- Companies bringing in less than S$10 million annually will be subject to fines of up to S$1 million
How will companies be held accountable?
- Companies will be mandated to notify consumers of data breaches
- A Data Protection Trustmark certification will be awarded to companies that meet certain standards
- Specific risk assessments will be required
How will this empower consumers?
- Consumers will be able to request that companies send copies of their personal data to other companies operating in Singapore (data portability)
- Consumers will receive additional protections from unsolicited messages, dictionary attacks, harvesting software, and commercial text messages