In Singapore, data security and protection is governed by the Personal Data Protection Act 2012 (PDPA). The PDPA is administered and enforced by the Personal Data Protection Commission (PDPC). The Act came into effect in 2014 and clearly addresses the collection, use and disclosure of personal data legitimately.
All companies are responsible for the personal data that is under their care and control. To regulate the data and ensure compliance with PDPA’s requirements, companies need to appoint one or more individuals as Data Protection Officer (DPO) to be responsible for handling such matters. Under this Act, the appointment of DPOs is mandatory. More information about the PDPA can be found in their website here.
Roles of a DPO
Generally, the role of the DPO is to ensure that the company’s policies and practices in relation to personal data comply with the Act’s requirement. If done correctly, the DPO may turn data protection into a competitive advantage for the company, which can lead to building trusts with clients and business partners. The DPO can be an individual or a team within the company or an externally appointed third party.
Responsibilities of a DPO
- Ensure company’s data protection policies comply with PDPA
- Introduce and promote a culture of healthy data management habits between staff
- Share data protection policies with staff, clients and business partners
- Be the point of contact for any data protection queries, feedback and complaints
- Highlight any risks regarding personal data to the management
For more information about DPO, click here.
Registering your DPO
You may have received the following email from the government informing you to register your company’s DPO via the Accounting and Corporate Regulatory Authority (ACRA)’s BizFile+.
From April 2020, all business entities registered with ACRA can register and update the DPO’s details (e.g., name, office email and phone) via ACRA’s BizFIle+ portal. Even though it is not mandatory under the Act to register the DPO’s details with PDPC or ACRA, companies are strongly encouraged to do so. By registering, it will help DPOs with being updated with relevant data protection developments in Singapore. You may register your DPO here.
What happens if there is a breach of personal data?
In spite of the company’s best efforts to enforced measures for data protection and security such as implementing and/or enhancing IT security systems with anti-viruses and firewalls, there may be instances with a breach could happen. Companies found guilty of breaching any of the PDPA regulations can face financial penalties depending on the breach that has occurred. Do note that penalties imposed are on the company and not on the DPOs.
- - -
At Inter Group, we view data security and protection as a very serious and important matter. We have adopted strict data protection policies that are compliant with the Act. You may refer to our Privacy Policy here.
For us, we would encourage our clients to lodge their DPO’s details in BizFile+. By doing, our clients satisfy the requirement as set out in PDPA.
What happens if there is a breach of personal data?
In spite of the company’s best efforts to enforced measures for data protection and security such as implementing and/or enhancing IT security systems with anti-viruses and firewalls, there may be instances with a breach could happen. Companies found guilty of breaching any of the PDPA regulations can face financial penalties depending on the breach that has occurred. Do note that penalties imposed are on the company and not on the DPOs.
- - -
At Inter Group, we view data security and protection as a very serious and important matter. We have adopted strict data protection policies that are compliant with the Act. You may refer to our Privacy Policy here.
For us, we would encourage our clients to lodge their DPO’s details in BizFile+. By doing, our clients satisfy the requirement as set out in PDPA.
Being compliant means that you are being more transparent to regulators, clients as well as your business partners when it comes to the data you are storing. They will feel at ease knowing that their data is stored safely and securely, thus instilling trust and brand loyalty.
