The PDPA establishes a data protection law that comprises various rules governing the collection, use, disclosure and care of personal data.

It recognises both the rights of individuals to protect their personal data, including rights of access and correction, and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.

The PDPA provides for the establishment of a national Do Not Call (DNC) Registry.

The DNC Registry allows individuals to register their Singapore telephone numbers to opt out of receiving marketing phone calls, mobile text messages such as SMS or MMS, and faxes from organisations.

---

WHAT IS REQUIRED BY THE LAW?

Under Section 12 of the Personal Data Protection Act, an organisation must

1. Develop and implement policies and practices to comply with the PDPA
2. Develop a process to handle queries and complaints
3. Communicate to its staff the organisation’s policies and practices; and
4. Adopt an openness policy on PDPA compliance.

Under Section 11(3) of the Personal Data Protection Act, an organisation must appoint at least one Data Protection Officer to comply with the PDPA.

---

HOW CAN YTK DPA HELP YOUR ORGANISATION IN COMPLIANCE?

1. Conduct a readiness assessment on PDPA compliance
2. Identify gaps in your policy and practices
3. Generate a compliance manual for you (based on your identified office/business practices)
4. Train your DPO on his/her responsibilities
5. Assist to develop training material for PDPA training to staff
6. Track progress and advise on further developments on PDPA.