Help Your Company Comply with the PDPA in Singapore

What is the PDPA Compliance Group?

PDPA Compliance for Singapore

The PDPA Compliance Group is an organization of independent experts in personal data protection. We are professionally trained and committed to helping organisations in Singapore comply with the PDPA.

iSmart Communications is a partner of the PDPA Compliance Group.

PDPA Compliance
ACRA Registration No. 53394982C
10 Anson Road, #26-08, International Plaza, Singapore 079903

What services does PDPA Compliance provide?

The PDPA Compliance Group provides a comprehensive suite of PDPA services:

  1. Data Protection Officer
  2. Prepare Data Protection Policy
  3. Prepare procedures, processes, & practices for PDPA compliance
  4. Staff training on PDPA
  5. Third party PDPA contract review
  6. Data protection system audit
  7. PDPA Incident management etc.
Contact Us

What is PDPA compliance in Singapore?

Singapore Personal Data Protection Act 2012 (PDPA) is a law that governs the collection, use and disclosure of personal data by all organisations.

Organisations in Singapore which fail to comply with PDPA may be fined up to $1 million and suffer reputation damage.

The PDPA covers all electronic and non-electronic personal data, regardless of whether the personal data is true or false.

What is Personal Data?

Personal data is any information that identifies an individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.

What constitutes a breach of personal data?

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

Contact Us

Every company in Singapore must appoint a Data Protection Officer (DPO)

Is a DPO mandatory?

Under the Personal Data Protection Act 2012 (PDPA), a Data Protection Officer (DPO) is mandatory when your company/organisation is collecting personal data during its operations. A DPO of your company can be one individual or a team to ensure its compliance with the PDPA of Singapore.

The following are examples of organisations required to appoint a DPO:

  • A hospital processing large sets of sensitive data;
  • A security company responsible for monitoring shopping centres and public spaces;
  • A small headhunting company that profiles individuals.

Who can be a DPO?

A DPO must be competent in data protection, adequately resourced, and report to the highest management level. A DPO can be an existing employee or externally appointed.

What are the roles of a DPO?

The primary role of the Data Protection Officer (DPO) is to ensure that his organisation processes the personal data of its staff, customers, providers or any other individuals in compliance with the PDPA rules.

Specifically, the responsiblities of a DPO are:

  • Developing and implementing processes and policies for the handling of personal data;
  • Increasing awareness of your staff, customers and providers of both these data protection policies and your business’ data protection obligations;
  • Handling queries and complaints regarding your business’ protection of personal data;
  • Keeping management informed of any risks of data protection which may arise; and
  • Communicating with the Personal Data Protection Commission (PDPC), where necessary.
Contact Us

What is the penalty for any breach of the PDPA?

For any breach of the PDPA, an organisation will pay a financial penalty of such amount not exceeding S$1 million as the PDPC thinks fit.

In the case of an individual, he is liable to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 12 months or both.

Does the PDPA cover B2B databases?

The PDPA does not apply to business contact information, which may include name, business title, corporate telephone numbers, business addresses and business email addresses.

Such contact information is made publicly available to facilitate commerce and trade. Organisations will not be required to obtain consent prior to collection, use or disclosure.

In addition, organisations sending business-to-business (B2B) marketing messages through phone calls, SMS or fax are not required to comply with the Do Not Call provisions.

Contact Us

The Complete DIY Guide to Improving Conversion Rates

Be a Conversion Rate Optimization Expert in 60 Days

The Complete DIY Guide to Improving Conversion Rate Optimization

Everything You Need to Start Improving Conversion Rates

Your website is a one-stop shop for all possible information for your business, products, and services. Traffic from a variety of channels — organic, paid, social, email, and more — will visit your website. It is your job, as a marketer, to not only entice them to your website but also to convert them into something more than a just a visitor.

Conversion Rate Optimization (CRO) is the process marketers go through to turn their website visitors into leads, prospects, and eventually, a customer. While a simple term, in theory, it’s not as simple of a process in practice. CRO requires time, dedication, and a willingness to learn.

We know how daunting and time-consuming CRO can be. That’s why we published an 8-week planner to help you learn and implement a CRO process into your marketing strategy. In just 60 days, you will become a CRO expert for your business and website. 

What's Inside the Conversion Rate Optimization Guide?

  • How to conduct a conversion rate audit
  • Construct hypotheses and prioritize them
  • Identify areas to improve in your funnel
  • Choose the right experiment and split testing 101
  • Understand why and what your users do on your site
  • Analyze and learn from your experiment results


Here's a Sneak Peek:
Fill in your name and e-mail address and join hundreds of marketers who have already started! 


Download CRO Guide

By supplying your contact information, you authorise iSmart Communications Pte Ltd to contact you with further information.

* required


Why do I need to fill out the information requested?

We will always keep your personal information safe. We ask for your information in exchange for a valuable resource in order to (a) improve your browsing experience by personalizing the iSmart Communications Pte Ltd site to your needs; (b) send information to you that we think may be of interest to you by email or other means; (c) send you marketing communications that we think may be of value to you. You can read more about our privacy policy here.

Is this really free?

Absolutely. Just sharing some free knowledge that we hope you’ll find useful. Keep us in mind next time you have marketing questions!