Singapore’s Personal Data Protection Act (PDPA) regulates the flow of personal data among its private sector businesses to:
- Protect its citizens.
- Allow organizations to gather necessary information securely.
The Act establishes a general data protection law governing the collection, use, and disclosure of an individual’s information by the private sector and seeks to improve Singapore’s standing as a secure place to do business.
Here’s what you need to know – and how Fortra’s Data Classification Suite can help you comply.
Who Must Comply with the PDPA Act?
Those subject to the requirements of the PDPA Act include:
- Private enterprises in Singapore that collect, use, and disclose personal data.
- Organizations outside of Singapore that collect, use, or disclose the personal data of individuals in Singapore.
Those excluded include:
- Government entities (they have their own data protection rules)
- Public Agencies.
- Individuals acting in a personal capacity and employees acting in the scope of their job.
How Does the DPDA Define Personal Information?
Per the Act, personal data is defined as, “data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which the organization has or is likely to have access.” It applies to data whether in electronic form or not, and whether or not it is sensitive, with a few notable exclusions.
What Are the Requirements of the DPDA?
A series of obligations are imposed on Singapore’s private organizations with respect to and individual’s personal data. Those obligations include:
- Consent Obligation
- Purpose Limitation Obligation
- Notification Obligation
- Access and Correction Obligation
- Accuracy Obligation
- Protection Obligation
- Retention Limitation Obligation
- Transfer Limitation Obligation
- Accountability Obligation
- Data Breach Notification Obligation
- Data Portability Obligation
The obligations of the DPDA can be viewed in detail here.
How Fortra’s Data Classification Suite Can Help
Fortra's Data Classification Suite helps organizations comply with PDPA by:
- Locating
- Identifying
- Classifying
Unstructured data that contains personally identifiable information (PII). Once the data has been identified, our Data Classification Suite helps to enforce the critical PDPA obligations for the:
- Protection
- Transfer
- Retention
Of personal information, as protected under the Act.
Learn more about how Fortra’s Data Classification Solution can help you comply with international standards. Schedule your free, personalized demo today