PDPA Series: What is PDPA?

The Personal Data Protection Act (PDPA) came into full effect on 2 July 2014, but many organisations in Singapore are still unaware of the policies and practices which they can enforce within their organisation to ensure the personal data are well-protected.

In this PDPA blog series, we will discuss how your organisation can be PDPA-compliant.

The PDPA establishes a law to govern the collection, use, disclosure of personal data by organisations. It recognises that the rights of the individuals to protect their personal data, and allow them the rights to access and correct their data. In addition, it recognises the needs of the organisations to collect, use, disclose personal data for reasonable purposes.

What is considered Personal Data?

Personal data is defined in the PDPA as “data, whether true or not, about an individual who can be identified:
(a) from that data; or
(b) from that data and other information to which the organisation has or is likely to have access”.

The PDPA is applicable in every single private organisation, including private schools, welfare organisations, B2B and B2C Companies, freelancer such as real estate agents and financial consultants. Note that public schools and polytechnics are not governed by the PDPA.

Stay tuned for our next post where we will discuss the first of the 9 obligations of the PDPA.

More information about PDPA is at the PDPC website.