šøš¬ Singapour
Informations
Extracts :
Extract :
No mention of the subject rignt related to Citizens outside their jurisdiction
2021
Reference :
Singapore Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
No mention of the subject rignt related to Persons within their jurisdiction
2021
Reference :
Singapore Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
No mention of the subject rignt related to Legal entities
2021
Reference :
Singapore Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
No mention of the data controller's obligation/responsibility to Organizations located outside the jurisdiction processing regulated subjects data.
2021
Reference :
Singapore Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"With regard to extraterritorial scope, the GDPR applies to data controllers and data processors that do not have a presence in the EU
but have processing activities that take place in the EU. Similarly, the PDPA applies to all organisations which are not a public agency,
whether or not they are formed or recognised under the laws of Singapore, or resident or have an office or a place of business in
Singapore."
2022
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - SGP
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Singapore Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"Depending on the violation, the PDPC may impose a financial penalty of up to SGD 1 million (approx. ā¬629,540) or 10% of the organisation's annual turnover in Singapore (where the organisation's annual turnover in Singapore exceeds SGD 10 million (approx. ā¬6,295,440)), whichever is higher. The revised financial penalty caps are to take effect no earlier than 1 February 2022."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - SGP
Extracts :
Extract :
"Depending on the violation, the PDPC may impose a financial penalty of up to SGD 1 million (approx. ā¬629,540) or 10% of the organisation's annual turnover in Singapore (where the organisation's annual turnover in Singapore exceeds SGD 10 million (approx. ā¬6,295,440)), whichever is higher. The revised financial penalty caps are to take effect no earlier than 1 February 2022."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - SGP
Extracts :
Extract :
"Non-compliance with certain PDPA's Do Not Call provisions is a criminal offense and punishable upon conviction with a fine not exceeding USD 7,400 and/or imprisonment for a term not exceeding three years and, in the case of a continuing offense, to a further fine not exceeding USD 740 for every day or part thereof during which the offense continues after conviction.
Submitting an access or correction request to obtain access or change the personal data about another individual without the authority of the individual is a criminal offense and is punishable upon conviction with a fine not exceeding USD 3,700 and/or to imprisonment for a term not exceeding 12 months for individuals.
Alteration, falsification, concealment, disposal of or destruction of records containing personal data or about the collection, use or disclosure of personal data with an intent to evade an access or correction request is a criminal offense and is punishable upon conviction with a fine not exceeding USD 3,700 for individuals and USD 37,000 for organizations.
Obstruction or making of false or misleading statements is a criminal offense and is punishable upon conviction with a fine not exceeding USD 7,400 and/or imprisonment for a term not exceeding 12 months for individuals; or a fine not exceeding USD 74,000 for organizations.
Knowing or reckless unauthorized disclosure of personal data; knowing or reckless unauthorized use of personal data for a wrongful gain or wrongful loss to any person; and knowing or reckless unauthorized re-identification of anonymized data is a criminal offense and is punishable upon conviction with a fine not exceeding SGD 5,000 or imprisonment for a term not exceeding two years, or both. Individuals acting under the authority of the organization will not be held individually liable."
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
" The PDPA provides that any person who suffers loss or damage directly as a result of a contravention of any of the data protection provisions in Part IV, V, VI, VIA or VIB of the PDPA by an organisation or contravention of any provisions of Division 3 of Part IX or IXA by a person may commence a private civil action in respect of such loss or damage suff-
ffered."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - SGP
Extracts :
Extract :
"Non-compliance with certain PDPA's Do Not Call provisions is a criminal offense and punishable upon conviction with a fine not exceeding USD 7,400 and/or imprisonment for a term not exceeding three years and, in the case of a continuing offense, to a further fine not exceeding USD 740 for every day or part thereof during which the offense continues after conviction.
Submitting an access or correction request to obtain access or change the personal data about another individual without the authority of the individual is a criminal offense and is punishable upon conviction with a fine not exceeding USD 3,700 and/or to imprisonment for a term not exceeding 12 months for individuals.
Alteration, falsification, concealment, disposal of or destruction of records containing personal data or about the collection, use or disclosure of personal data with an intent to evade an access or correction request is a criminal offense and is punishable upon conviction with a fine not exceeding USD 3,700 for individuals and USD 37,000 for organizations.
Obstruction or making of false or misleading statements is a criminal offense and is punishable upon conviction with a fine not exceeding USD 7,400 and/or imprisonment for a term not exceeding 12 months for individuals; or a fine not exceeding USD 74,000 for organizations.
Knowing or reckless unauthorized disclosure of personal data; knowing or reckless unauthorized use of personal data for a wrongful gain or wrongful loss to any person; and knowing or reckless unauthorized re-identification of anonymized data is a criminal offense and is punishable upon conviction with a fine not exceeding SGD 5,000 or imprisonment for a term not exceeding two years, or both. Individuals acting under the authority of the organization will not be held individually liable."
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"The GDPR contains provisions addressing when data controllers need to conduct DPIAs. The PDPA similarly contains provisions, albeit in the context of exceptions to obtaining consent from data subjects for data processing."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - SGP
Extracts :
Extract :
"Unlike the GDPR, the PDPA does not provide a definition of pseudonymised data."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - SGP
Extracts :
Extract :
"Organisations have a mandatory Data Breach Notification Obligation to notify the PDPC and/or affected individuals of data breaches if it is (or if it is likely to) result in significant harm to the affected individuals ('Significant Harm Breach') or of a significant scale (involving the personal data of 500 or more individuals) ('Significant Scale Breach'). ... "
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - SGP
Extracts :
Extract :
"Organisations have a mandatory Data Breach Notification Obligation to notify the PDPC and/or affected individuals of data breaches if it is (or if it is likely to) result in significant harm to the affected individuals ('Significant Harm Breach') or of a significant scale (involving the personal data of 500 or more individuals) ('Significant Scale Breach'). ... "
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - SGP
Extracts :
Extract :
There is no comment by DataGuidance.
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - SGP
Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"Additionally, organisations are also subject to the Protection Obligation. An organisation must protect personal data in its possession or under its control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks, and the loss of any storage medium or device on which personal data is stored. "
2022
Reference :
Singapore Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
"Individuals have the right to withdraw their consent to the collection, use, or disclosure of their personal
data at any time by giving reasonable notice. However, the withdrawal of consent will not affect any legal consequences arising from such withdrawal.
With regard to the withdrawal of consent, data subjects should be cognisant of the fact that the withdrawal of certain types of consent may affect the ability of the organisation to continue providing them
with the requested services."
2021
Reference :
Singapore Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"There is currently no right to data portability. However, the Amendment Act contains a set of provisions relating to data portability which are yet to come into force. These provisions will impose an obligation for a porting organisation to transmit personal data upon an individualās request to a receiving organisation (in Singapore or in a prescribed foreign country or territory). The obligation is expected to apply to personal data in the possession or under the control of the porting organisation if such personal data belongs to a class of personal data that is prescribed in the regulations and if the requesting individual has an ongoing relationship with the porting organisation. The data portability rule is not, however, expected to apply to certain types of data including āderived personal dataā, which is personal data about an individual that is derived by the organisation in the course of business from other personal data."
2022
Reference :
Data Protection in different countries | Linklaters
Database for comparing other databases for the same information on data protection
Link to reference Extracts :
Extract :
"8.7. Right not to be subject to automated decision-making
The PDPA does not provide individuals with a right not to be subject to a decision based solely on automated
processing."
2021
Reference :
Singapore Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.1. Right to be informed
While there is no standalone right to be informed under the PDPA, organisations are subject to several
data protection obligations under the PDPA which require them to provide notification to the individual
data subject under certain circumstances."
2021
Reference :
Singapore Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.1. Right to be informed
While there is no standalone right to be informed under the PDPA, organisations are subject to several
data protection obligations under the PDPA which require them to provide notification to the individual
data subject under certain circumstances."
2021
Reference :
Singapore Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.2. Right to access
Organisations are subject to the Access Obligation under the PDPA. An organisation must allow an individual
to access his personal data in its possession or under its control upon request."
2021
Reference :
Singapore Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.3. Right to rectification
Organisations are subject to the Correction Obligation. An organisation must allow an individual to correct
his personal data in its possession or under its control upon request."
2021
Reference :
Singapore Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"Organisations are subject to the Transfer Limitation Obligation. An organisation must not transfer personal data to a country or territory outside Singapore except in accordance with the requirements prescribed under the PDPA to ensure that the transferred personal data will be accorded a standard of protection that is comparable to that under the PDPA."
2023
Reference :
Singapore Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
There are no provisions of this type.
2023
Reference :
Singapore Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
"There are a few express situations whereby an organisation can be taken to have satisfied the requirement of taking appropriate steps to ensure that the recipient outside Singapore is bound by legally enforceable obligations to protect personal data in accordance with comparable standards. These include:
where the individual consents to, or is deemed to have consented to, the transfer of the personal data to the recipient in that country;
where the transfer is necessary for a use or disclosure in certain situations where the consent of the individual is not required under the PDPA, subject to the transferring organisation taking reasonable steps to ensure that the personal data will not be used or disclosed by the recipient for any other purpose; and
where the personal data is data in transit or publicly available in Singapore."
2023
Reference :
Singapore Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
"Organisations are subject to the Transfer Limitation Obligation. An organisation must not transfer personal data to a country or territory outside Singapore except in accordance with the requirements prescribed under the PDPA to ensure that the transferred personal data will be accorded a standard of protection that is comparable to that under the PDPA.
To do so, the organisation must generally ensure that the recipients of such personal data are bound by legally enforceable obligations to provide to the transferred personal data a standard of protection that is at least comparable to the protection under the PDPA. These 'legally enforceable obligations' include those imposed under law, contract. Binding Corporate Rules ('BCRs'), or any other legally binding instrument."
2023
Reference :
Singapore Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
International Data transfer Agreements | DataGuidance
Comparison of international data transfer agreements
Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Extracts :
Extract :
Data entered based on reference.
Reference :
International Data transfer Agreements | DataGuidance
Comparison of international data transfer agreements
Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"Both the GDPR and the PDPA provide for the appointment of a data protection officer ('DPO'). However, unlike the GDPR, the PDPA does not provide a definition of a DPO."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - SGP
Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"An organisationās data protection officer is generally responsible for ensuring its compliance with the PDPA. These responsibilities may extend to: (i) ensuring that the organisationās policies and processes developed or implemented for handling personal data are compliant with the PDPA; (ii) fostering a data protection culture among employees and communicating personal data protection policies to stakeholders; (iii) managing personal data protection related queries (e.g. access or correction requests) and complaints from the public; (iv) alerting management to any risks that might arise with regard to personal data; and (v) being the point of contact for the Commission on any data protection matters."
2022
Reference :
Data Protection in different countries | Linklaters
Database for comparing other databases for the same information on data protection
Link to reference Extracts :
Extract :
There is no information on this.
2023
Reference :
Appointing a Data Protection Officer for your business in singapore: the ultimate guide
Information on Singapore DPO
Link to reference Extracts :
Extract :
Apart from controller details, there is not much in terms of information provision.
2023
Reference :
Singapore Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Apart from controller details, there is not much in terms of information provision.
2023
Reference :
Singapore Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Apart from controller details, there is not much in terms of information provision.
2023
Reference :
Singapore Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Nothing on this.
2023
Reference :
Singapore Data protection overview | DataGuidance
Updated DataGuidance reports
Extract :
Extracts :
Extract :
Nothing on this
2023
Reference :
Singapore Data protection overview | DataGuidance
Updated DataGuidance reports
Extract :
Extracts :
Extract :
Nothing on this
2023
Reference :
Singapore Data protection overview | DataGuidance
Updated DataGuidance reports
Extract :
Extracts :
Extract :
Nothing on this
2023
Reference :
Singapore Data protection overview | DataGuidance
Updated DataGuidance reports
Extract :
Extracts :
Extract :
Nothing on this
2023
Reference :
Singapore Data protection overview | DataGuidance
Updated DataGuidance reports
Extract :
Extracts :
Extract :
Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"The PDPA does not impose an obligation on organisations to maintain a record of processing activities. However, the PDPC has indicated in its Advisory Guidelines on Key Concepts that organisations should keep a record of all access requests received and processed, documenting clearly whether the requested access was provided or rejected, as proper documentation may help an organisation in the event of a dispute or an application to the PDPC for a review."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - SGP
Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference | Name | Short name | Classification | Jurisdiction | Year of creation |
|---|---|---|---|---|
| Personal Data Protection Commission (PDPC) | PDPC | Regulator | Under the government authority | 2012 |
| Legal text name | Original text name | Legislation type | Year signed | Regulation status | In effect since | Latest update initiated | Latest update areas | Latest update signed year |
|---|