We use cookies to offer you a better browsing experience, analyze site traffic, personalize content. Details on the cookies we use and instructions on how to disable them are set out in our Cookies Policy. Please click the appropriate button to enable or disable cookies

[gtranslate]

PDPA amendments take effect from February 2021

Most significant changes to the PDPA since its inception come into effect in phases as of February 1, necessitating mandatory data breach notifications among other requirements

The Personal Data Protection (Amendment) Act 2020 (the PDPA Amendments) will come into effect in phases from February 1, 2021. The amendments seek to strengthen organisational accountability and consumer protection, while encouraging companies to optimise the use of personal data for innovation.

The amendments taking effect on February 1 include:

  1. Mandatory data breach notification – the Personal Data Protection Commission (PDPC) must be notified by organisations who suffer from a data breach if that breach is likely to result in significant harm to the affected individuals or is of significant scale (usually involving 500 or more individuals). The individuals who are affected by the breach must also be notified if the breach is likely to result in significant harm to them. The types of data deemed to result in significant harm is listed here. Notifications to the PDPC must be made as soon as possible, no later than three calendar days after the breach.
  2. Introduction of offences – the amendments stipulate that individuals who egregiously mishandle personal data will be held accountable through the introduction of new criminal offences. Those who recklessly or knowingly disclose personal data, use personal data for wrongful gain or wrongful loss to any person, or reckless unauthorised re-identification of anonymised data, may receive a fine not exceeding S$5,000 or imprisonment for a term not exceeding 2 years or both.
  3. Expanded consent framework – deemed consent by contractual necessity or deemed consent by notification provisions are introduced, allowing organisations to use, collect and disclose personal data. Further expansions include legitimate business interests and business improvement exceptions, and the scope is broadened to include data innovation efforts. Additional accountability requirements accompany these exceptions

Following these changes, it is vital that organisations review their data procedures and ensure they have robust protections and responses in place. Regular training sessions should be introduced and updated, including educating relevant persons on the updates.

For more information, contact Alpadis Group

Home
About Us
Our Services

Corporate Services
Private Client Services

Our Offices

Switzerland
Singapore
Hong Kong
Malaysia
Labuan

Thailand
UAE – Dubai
UAE – DIFC
Japan

Insights

Media
Blog
Press Releases
Publications

Careers
Contact Us
Sitemap
Privacy Statement
Terms and Conditions
Cookies Policy

© Alpadis 2024. All rights reserved.

[gtranslate]