The PDPA Compliance Group is an organization of independent experts in personal data protection. We are professionally trained and committed to helping organisations in Singapore comply with the PDPA.
iSmart Communications is a partner of the PDPA Compliance Group.
ACRA Registration No. 53394982C
10 Anson Road, #26-08, International Plaza, Singapore 079903
The PDPA Compliance Group provides a comprehensive suite of PDPA services:
Singapore Personal Data Protection Act 2012 (PDPA) is a law that governs the collection, use and disclosure of personal data by all organisations.
Organisations in Singapore which fail to comply with PDPA may be fined up to $1 million and suffer reputation damage.
The PDPA covers all electronic and non-electronic personal data, regardless of whether the personal data is true or false.
Personal data is any information that identifies an individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
Under the Personal Data Protection Act 2012 (PDPA), a Data Protection Officer (DPO) is mandatory when your company/organisation is collecting personal data during its operations. A DPO of your company can be one individual or a team to ensure its compliance with the PDPA of Singapore.
The following are examples of organisations required to appoint a DPO:
A DPO must be competent in data protection, adequately resourced, and report to the highest management level. A DPO can be an existing employee or externally appointed.
The primary role of the Data Protection Officer (DPO) is to ensure that his organisation processes the personal data of its staff, customers, providers or any other individuals in compliance with the PDPA rules.
Specifically, the responsiblities of a DPO are:
For any breach of the PDPA, an organisation will pay a financial penalty of such amount not exceeding S$1 million as the PDPC thinks fit.
In the case of an individual, he is liable to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 12 months or both.
The PDPA does not apply to business contact information, which may include name, business title, corporate telephone numbers, business addresses and business email addresses.
Such contact information is made publicly available to facilitate commerce and trade. Organisations will not be required to obtain consent prior to collection, use or disclosure.
In addition, organisations sending business-to-business (B2B) marketing messages through phone calls, SMS or fax are not required to comply with the Do Not Call provisions.
FREQUENTLY ASKED QUESTIONS
Why do I need to fill out the information requested?
Is this really free?
Absolutely. Just sharing some free knowledge that we hope you’ll find useful. Keep us in mind next time you have marketing questions!