Changes to the Personal Data Protection Act

DP Image.jpg

The Personal Data Protection Commission (PDPC) in Singapore has announced changes to the Personal Data Protection Act (PDPA). These amendments will affect all organisations, including sole proprietors, in Singapore and so it is important to understand the implications.  

In accordance with the PDPA, it is now mandatory for all organisations to employ a dedicated Data Protection Officer (DPO). This is to help companies develop and implement policies and procedures and remain compliant with all personal data protection obligations.  

The PDPC has stated these key points: 

  • All organisations, including sole proprietorships, must designate at least one person to become a DPO to ensure the organisation complies with the PDPA. 

  • At least one (if you have more than one) of your DPO’s email or phone details must be available to the public and that person must be easily reached if contacted. 

  • Even though your DPO must be contactable, they do not need to be based in Singapore. 

  • The position does not need to be filled by an employee and can be outsourced to a third party. 

  • The DPO must have the appropriate expertise and knowledge to comply with the PDPA. 

  • You can register your DPO at It is not required under law to disclose the details but you are strongly encouraged to. 

Having your own DPO will help you to mitigate data violations in the growing digital age. The crucial role will involve: 

  • Ensuring compliance with PDPA when developing and implementing policies and processes for handling personal data; 

  • Fostering a data protection culture among employees and communicate personal data protection policies to stakeholders; 

  • Managing personal data protection related queries and complaints; 

  • Alerting management to any risks that might arise with regard to personal data; and 

  • Liaising with the PDPC on data protection matters, if necessary. 

Once you have selected your DPO, if they do not have the relevant skills required it is not a problem. The PDPC has developed a training and competency framework, which has been designed to equip them with all the skills and knowledge they require in order to comply with regulations now and in the future. It also provides the role with professional accreditation. 

An alternative to employing an in-house DPO is to engage CSLB Asia to do the job for you. We have already completed the specialised training and can effectively fulfil your DPO role immediately. This will allow you to hit the ground running, saving you time and disruption, as we professionally handle all the data requirements for you. We are happy to work with you to register as your DPO so you can get compliant immediately! 

In our role as your DPO we will ensure that you: 

  • Remain compliant with PDPA requirements, even as they are updated. 

  • Be able to focus on your core business while adhering to all PDPA obligations. 

  • Leverage CSLB Asia’s readily available knowledge base and capabilities in Data Protection. It is important to comply with the new regulations. Your company collects sensitive data about your customers, employees and members on a daily basis. Failure to protect this data can lead to a fine of up to $1 million per breach under the Act so it makes sense to take action as soon as possible.  

If you have any general questions about the new regulations or you would like to enquire about our DPO services, then please do get in contact with us.