Personal Data Protection Act Amendments
Countries all over the world are concerned about the privacy of their citizens’ personal data, and they are taking legal steps to strengthen data protection. On 5 October 2020, Singapore amended its Personal Data Protection Act of 2012.
Today, technology is advancing at a tremendous rate, and even a small change in it can put our data at risk. Strengthening the Personal Data Protection Act (PDPA) is therefore necessary. It is an effort on governments’ part to stay on top of these changes.
Singapore also needs to comply with global regulatory changes in the field of personal data protection. The new amendments will enable it, as a prominent business hub, to maintain its competitive edge. Investors and customers who share personal data with companies operating in Singapore need reliable data protection measures against malpractice.
Key Amendments to PDPA
Mandatory Data Breach Reporting
Singapore companies must report every data breach to the Personal Data Protection Commission (PDPC). They must, within three days, notify the PDPC of any data breaches likely to harm the interests of individuals or other businesses.
Higher Financial Penalties
The financial penalty for data breaches is set at 10% of the company’s annual turnover (in excess of SGD 10 million) generated in Singapore. It is SGD 1 million for companies having an annual turnover of less than SGD 10 million.
Expanded Deemed Consent
The expanded deemed consent now includes:
- Use of personal data to conclude a contract or perform a transaction
- Cases where individuals are given a chance to opt out of the intended data collection. They also need to be notified of the reason behind the intended collection, use or disclosure of the personal data
Mishandling of Personal Data
The amendment introduced new criminal offences to hold individuals accountable for mishandling personal data. It addresses situations where there has been:
- Unauthorised disclosure of personal data because of an individual’s knowing or reckless actions
- An individual knowingly or recklessly causing unauthorised use of personal data for a gain or loss to any other individual
Right to Port Data
Now, individuals can ask an organisation that possesses or controls their personal data to transfer it to another organisation in a machine-readable format.
Companies now cannot send unsolicited messages to telephone numbers. The ‘Do Not Call’ provisions of the PDPA prohibit it.
PDPA Compliance for Singapore Businesses
Singaporean organisations will need to rethink their approach to complying with the Personal Data Protection Act. If the need arises, they will need to retrain their employees to meet the new requirements head-on. This will enable them to fulfil the expectations of individuals and regulatory agencies.
Singapore businesses need to start by reviewing their existing policies on the use and management of consumer data. They need to employ better practices to bridge the gaps where needed. They will also need to review and improve their data breach reporting policies and employ effective procedures.
According to SBS Consulting Pte Ltd, a company incorporation services provider, appointing a dedicated Data Protection Officer can be a great help to businesses in complying with the provisions of the Personal Data Protection Act.