Out-Law News 1 min. read

Singapore data protection law will come into force on 2 January

Singapore's new Personal Data Protection Act (PDPA) will come into force on 2 January, the Ministry of Communications and Information (MCI) in Singapore has announced. It has named the makeup of the two supervisory bodies to oversee and advise on the Act.

The PDPA was passed by Singapore's parliament in October and governs the way that companies collect, use, disclose and process personal data. It does not apply to public bodies.

The MCI announced the membership of the Personal Data Protection Commission (PDPC), which will administer the PDPA, and the Data Protection Advisory Committee, which will advise on the law.

The PDPC will be responsible for promoting awareness of data protection and administering and enforcing the proposed law, the Singapore government has previously said.

The PDPC will be able to fine businesses up to SIN$100,000 for obstructing the performance of its duties. Businesses that falsify personal data records or information regarding the collection, use or disclosure of personal data will face fines of up to SIN$50,000.

Under the PDPA organisations will generally be required to obtain individuals' consent in order to collect, use or disclose their personal data, the government previously said. However, there are exceptions to the rule that allow organisations to legitimately carry out any of those activities without consent.

Collecting personal data without consent is legitimate if it is in the national interests, if it is in order to recover debts, to be used by the media for its news operations or to allow employers to manage the "employment relationship" with staff, among other examples.

Personal data can be used or disclosed without the consent of individuals for "research purposes" under certain conditions, according to one of the number of exceptions to the consent requirement rule.

The collection, use or disclosure of personal data must in all cases be "for purposes that a reasonable person would consider appropriate in the circumstances" and providing the individual to whom the information relates is informed about those purposes prior to the collection, use or disclosure taking place.

Data protection expert Rosemary Lee of Pinsent Masons MPillay, the Singapore joint law venture partner of Pinsent Masons, the law firm behind Out-Law.com, previously said http://www.out-law.com/en/articles/2012/october/new-data-protection-law-passed-by-singapore-parliament/ that multinationals setting up business or processing personal data on servers based in Singapore will be less affected by the costs of compliance than small and medium sized firms

"Small and medium enterprises however may face increased costs in ensuring their business practices and operations are compliant with the new data protection requirements, as well as uncertainty in determining the appropriate security arrangements to be implemented. The Personal Data Protection Commission will be issuing advisory and compliance guidelines which would assist organisations in working towards compliance during the sunrise period," she said.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.