For example, encryption, password protection, 2-factor authentication (2FA), etc.
Provides Reassurance to Visitors Who have Shared their Personal Data with Your Website
With the high-profile cyberattack on SingHealth between June and July 2018 and the similar 2014 attack on SingPass where people’s personal data was stolen, visitors are getting more cautious about the risk of identity theft when they type their personal data into a website form.
While the high-profile cyberattacks are on high-profile companies, hundreds of cyberattacks against Singapore-hosted websites take place every year and they are predominantly targeted at the websites of small companies.
Protects Your Company Against Legal Implications
If properly drafted and complied with, it may also help to protect you from regulatory action by bodies such as Singapore’s Personal Data Protection Commission that might be taken pursuant to any complaints from the public.
The most important of these factors is where the visitors to your website are likely to be located. This will determine under what country’s laws you owe privacy obligations to them.
If Your Website’s Visitors are Located in Singapore
If most of your visitors will be in Singapore, then the law governing their privacy is the Personal Data Protection Act (PDPA).
The PDPA requires that you obtain your visitors’ consent to collect whatever data you are collecting from them, for whatever purposes you need to use it.
If Your Website’s Visitors are Located within the European Union or European Economic Area
If some of your visitors are located within the European Union or the European Economic Area (even if your company is not located within either area), then the applicable law is the General Data Protection Regulation (GDPR).
This law was introduced in May 2018 and grants European residents a wide range of privacy rights. For more information, see our guide on how Singapore companies can comply with the GDPR.
- The industry your company operates in;
- The purpose and content of your website;
- The kinds of personal data collected by your website;
- How you need to use, retain and share the data you collect in order to run your business; and
- The kinds of third-parties with whom you need to share the personal data collected and how they will use it.
- How this information is stored
- When this information may be shared with third-parties
- What purpose(s) such information may be shared with these third-parties for
- What happens to this information
- The steps you take to prevent this information from falling into the wrong hands
Because of the bespoke nature of privacy policies, it is advisable to engage a lawyer to draft one for your website rather than trying to draft one yourself.
The pricing by law firms of this service is usually extremely competitive and affordable.
They will sit down with you to figure out how the factors above apply to your company, what your company’s data collection and retention needs actually are and come up with a policy that’s actually usable for your company.
- Where the company operates;
- Who the company’s visitors are; and
- What the company does.
Then, try to use their privacy policies to synthesise and adapt a policy that works for your company.
Again, this is highly inadvisable unless there is someone in your company with specialised expertise in this area.
Even then, ultimately diverting them from their work for a day may prove to be a false economy compared to the cost of engaging an experienced lawyer to do the same thing more quickly and effectively.
- What are Annual General Meetings (AGMs) in Singapore?
- Anti-Money Laundering Regulations and Your Business: What You Need to Know
- Price-Fixing, Bid-Rigging and Other Anti-Competitive Practices to Avoid
- Dividend Payments Guide for Singapore Business Owners
- Company Audits in Singapore: Requirements and Exemptions
- Guide to Transferring Shares in a Singapore Private Company
- How to Hold Extraordinary General Meetings (EGMs) in Singapore
- How to Issue Shares in a Singapore Private Company
- How to Reduce the Share Capital of Your Singapore Company
- Legally Conducting Lucky Draws for Singapore Businesses
- Dormant Companies and Their Filing Obligations in Singapore
- How to Hold a Board Meeting in Singapore
- Can Directors be Liable for Company Debts in Singapore?
- Paid-Up Capital in Singapore: A Complete Guide (Is $1 Enough?)
- Restaurant Inspection and Food Safety Rules in Singapore
- Preparing a Register of Shareholders for a Singapore Company
- Essential Regulatory Compliance Guide for Singapore Companies
- Finding a Suitable Corporate Secretarial Firm in Singapore
- Oppression of Minority Shareholders
- Process Agents in Singapore
- Shadow Directors: Who are They and What Duties Do They Owe to the Company?
- Guide to Directors' Remuneration in Singapore
- 3 Types of Insurance Every Singapore Business Needs
- How to Change the Name of Your Singapore Company
- How to Remove a Director from a Company in Singapore
- Appointing Company Directors in Singapore: Eligibility, Process etc.
- Company Loans to Directors/Shareholders (& Vice Versa) in Singapore
- Share Transmission: What Happens If a Shareholder Dies in Singapore?
- Business Will: How to Pass on Your Business to Your Successors in Singapore
- Shareholder Rights in Singapore Private Companies
- Removal and Resignation of Company Auditor in Singapore
- Shareholder Roles and Obligations in Singapore Companies
- Creating and Registering Charges in Singapore: Guide for Companies
- How to Commence a Derivative Action on Behalf of a Company in Singapore
- Managing Director vs CEO in Singapore: Roles and Obligations
- Appointing an Authorised Representative for Foreign Companies in Singapore
- Business Partnership Disputes in Singapore: How to Resolve
- Guide to Effective Business Continuity Planning in Singapore
- Buy-Sell Agreements: How to Write & Fund Them in Singapore
- Appointing a Company Secretary: Roles and Responsibilities
- Directors' Duties in Singapore
- Company Constitutions in Singapore and How to Draft One
- Company Memorandum and Articles of Association
- Minutes of Company Meeting in Singapore: How to Record
- Guide to Filing Financial Statements for Singapore Business Owners
- Filing Annual Returns For Your Business
- Memorandum of Understanding (MOU): Does Your Business Need One?
- Company Resolutions: What are They?
- Board Resolutions in Singapore
- Guide and Template for Notice of Extraordinary General Meeting
- How to Set Up a Register of Controllers
- How to Set Up a Register of Nominee Directors
- Your Guide to Resolutions Passed at a First Directors’ Meeting
- Your Guide to Resolutions to Appoint a Company Secretary
- Your Guide to Resolutions for Authority to Act on a Share Purchase and Subscription Agreement
- Your Guide to Shareholders’ Resolutions for Share Allotments
- Your Guide to Resolution for Authorisation of Investment in the Shares of Another Company
- Your Guide to Share Certificates in Singapore: Usage and How to Prepare
- Your Guide to Resolution for Transfer of Shares
- Your Guide to Resolution for Change of Registered Address
- Your Guide to Board Resolution for Approval/Allotment of Shares
- Your Guide to Resolutions to Increase a Company's Share Capital
- What is Withholding Tax and When to Pay It in Singapore
- Singapore Influencers: Here's How to Calculate Your Income Tax
- Corporate Tax in Singapore: How to Pay, Tax Rate, Exemptions
- When to Register for GST, How and Responsibilities after Registration
- Start-Up Tax Exemption Guide for New Singapore Companies
- Tax Investigation of Tax-Evading Business Owners in Singapore
- Small Business Accounting Services in Singapore
- Essential PDPA Compliance Guide for Singapore Businesses
- Cloud Storage of Personal Data: Your Business’ Data Protection Obligations
- How Can Companies Dispose of Documents Containing Personal Data?
- Here's a 7-Step Plan for Companies to Prevent Unauthorised Disclosure When Processing and Sending Personal Data
- Appointing a Data Protection Officer For Your Business: All You Need to Know
- Summary: Your Organisation's 9 Main PDPA Obligations
- Check the Do-Not-Call Registry Before Marketing to Singapore Phone Numbers
- GDPR Compliance in Singapore: Is it Required and How to Comply
- Is It Legal for Businesses to Ask for Your NRIC in Singapore?
- PDPA Consent Requirements: How Can Your Business Comply?
- Legal Options If Employees Breach Confidentiality in Singapore
- Insolvency: Claw-back of Assets from Unfair Preference and Undervalued Transactions
- Striking Off a Company
- What Should a Creditor Do When a Company Becomes Insolvent?
- Dissolution of partnerships in Singapore
- Validation of Payments Made by Companies Being Wound Up
- Can a Company that Struck Itself Off the Register Later Apply to Restore Itself?
- Closing Your Singapore Business: What You Need to Settle
- How to File a Proof of Debt against a Company in Liquidation
- Winding Up a Company