Personal Data Protection Act (PDPA)

Singapore Personal Data Protection Act 2012 (PDPA) is a law that governs the collection, use and disclosure of personal data by all private organisations. The Act has come into full effect on 2nd July 2014 and has been updated recently with new amendments that takes effect on 2 November 2020. Organisations which fail to comply with PDPA may be fined up to $1 million and suffer reputation damage.
Data protection

Are you prepared?

What is PDPA?

1. Purpose Limitation
Only use or disclose personal data for the purposes defined.

2. Notification
Inform the individuals on the purposes for collection, use and disclosure of their personal data during collection.

3. Consent
Ensure that the consent has been obtained from the individuals before collecting, using or disclosure of the personal data.

4. Access and Correction
Upon request, provide the personal data of the individual and information on how the individual’s personal data has been used or disclosed in the past year. Correct an individual’s personal data upon request.

5. Accuracy
Ensure that personal data is accurate and complete during collection or when making a decision which will affect the individual.

6. Protection
Keep personal data in your possession secure from unauthorised access, modification, disclosure, use, copying, whether in hardcopy or electronic form.

7. Retention Limitation
Retain personal data only for business/legal purposes and securely destroy personal data when no longer needed.

8. Transfer Limitation
Ensure overseas external organisations provide a standard of protection comparable to the protection under the Singapore PDPA.

9. Openness
Designate a Data Protection Officer and publish his/her business contact information. Make available personal data protection policies and practices to public and employees, including complaint process.

10. Do-Not-Call (DNC)
Do not send marketing messages to individuals who have registered in the National DNC registry through voice, text messages or fax unless you have obtained their clear and unambiguous consent or have an on-going relationship (for text / fax).

How do you comply?

PDPA Requirements

  • Designate a Data Protection officer (DPO)
  • Map organisation’s Personal Data Inventory, implement personal data protection policy
  • Communicate to employees on the personal data protection policies
  • Incorporate data protection as part of BAU
  • Establish regular compliance program to verify adherence to PDPA requirements

PwC PDPA service offerings

  • Personal Data Protection Support Office
  • Gap Assessment and Framework Development
  • Training / Awareness
  • Personal Data Protection Support Office
  • Compliance Review

Description of PwC services offerings

  • Gap assessment
    • Conduct gap assessment against the PDPA requirements
  • Framework development
    • Define Data Protection Policy and Processes to kick start your compliance program
  • Training / awareness
    • Provide training and awareness programs to employees on organization’s personal data protection policies and processes
  • Personal Data Protection Support Office
    • Offer 360◦ administrative and advisory support for your Data Protection Office
  • Compliance review
    • Perform compliance review and testing against PDPA’s requirements

What are your benefits by engaging PwC?

Depending on the services, your organisation will

  • Stay on track with PDPA requirements
  • Be able to concentrate on core businesses while maintaining PDPA compliance
  • Be able to leverage on PwC readily available knowledge base and capabilities.


Are you prepared?

What is PDPA?

1. Purpose Limitation

Only use or disclose personal data for the purposes defined.

2. Notification

Inform the individuals on the purposes for collection, use and disclosure of their personal data during collection.

3. Consent

Ensure that the consent has been obtained from the individuals before collecting, using or disclosure of the personal data.

4. Access and Correction

Upon request, provide the personal data of the individual and information on how the individual’s personal data has been used or disclosed in the past year. Correct an individual’s personal data upon request.

5. Accuracy

Ensure that personal data is accurate and complete during collection or when making a decision which will affect the individual.

6. Protection

Keep personal data in your possession secure from unauthorised access, modification, disclosure, use, copying, whether in hardcopy or electronic form.

7. Retention Limitation

Retain personal data only for business/legal purposes and securely destroy personal data when no longer needed.

8. Transfer Limitation

Ensure overseas external organisations provide a standard of protection comparable to the protection under the Singapore PDPA

9. Openness

Designate a Data Protection Officer and publish his/her business contact information. Make available personal data protection policies and practices to public and employees, including complaint process.

10. Do-Not-Call (DNC)

Do not send marketing messages to individuals who have registered in the National DNC registry through voice, text messages or fax unless you have obtained their clear and unambiguous consent or have an on-going relationship (for text / fax).

How do you comply?

PDPA Requirements

  • Designate a Data Protection officer (DPO)
  • Map organisation’s Personal Data Inventory, implement personal data protection policy
  • Communicate to employees on the personal data protection policies
  • Incorporate data protection as part of BAU
  • Establish regular compliance program to verify adherence to PDPA requirements

PwC PDPA Service Offerings

  • Personal Data Protection Support Office
  • Gap Assessment and Framework Development
  • Training / Awareness
  • Personal Data Protection Support Office
  • Compliance Review

Description of PwC Services Offerings

Gap Assessment

- Conduct gap assessment against the PDPA requirements

Framework Development

- Define Data Protection Policy and Processes to kick start your compliance program

Training / Awareness

- Provide training and awareness programs to employees on organization’s personal data protection policies and processes

Personal Data Protection Support Office

- Offer 360◦ administrative and advisory support for your Data Protection Office

Compliance Review

- Perform compliance review and testing against PDPA’s requirements

What are your benefits by engaging PwC?

Depending on the services, your organisation will

  • Stay on track with PDPA requirements
  • Be able to concentrate on core businesses while maintaining PDPA compliance
  • Be able to leverage on PwC readily available knowledge base and capabilities.

Contact us

Yap Yee Chin

Director, PwC Singapore

Tel: +65 9733 7148

Michelle Xie

Senior Manager, Digital Solutions, PwC Singapore

Tel: +65 9624 6280

Vandit Bhatia

Director, Digital Solutions, PwC Singapore

Tel: +65 9672 3642

Follow us