Summary: Your Organisation’s 9 Main Obligations under the Personal Data Protection Act

Last updated on December 27, 2018

Featured image for the "Summary: Your Organisation's 9 Main Obligations under the Personal Data Protection Act" article. It features a businessman touching a padlock icon.

Your organisation is required to abide by the Personal Data Protection Act (PDPA) when using, collecting or disclosing personal data.

The 9 main personal data obligations under the PDPA are:

  1. Consent Obligation
  2. Purpose Limitation Obligation
  3. Notification Obligation
  4. Access and Correction Obligation
  5. Accuracy Obligation
  6. Protection Obligation
  7. Retention Limitation Obligation
  8. Transfer Limitation Obligation
  9. Openness Obligation

Here is a summary of each of them.

1. Consent Obligation

Your organisation may only collect, use and/or disclose the personal data of individuals who have consented to such collection, use and/or disclosure.

These individuals must also be given the option to withdraw their consent, subject to them giving reasonable notice. Upon the withdrawal of consent, your organisation must cease collecting, using and/or disclosing the personal data of these individuals.

Read more about the PDPA’s Consent Obligation in our other article.

2. Purpose Limitation Obligation

Your organisation may only collect, use and/or disclose personal data of individuals for the purpose(s) for which consent have been given by these individuals.

These individuals should also not be required to consent to the collection, use and/or disclosure of their personal data beyond what is reasonable for the organisation to provide a particular product or service.

3. Notification Obligation

Your organisation should inform individuals of the purpose(s) for which their personal data is being collected, used and/or disclosed.

4. Access and Correction Obligation

Your organisation is obliged to provide information to individuals, upon request and as soon as reasonably possible, on:

  • What personal data of theirs is in your organisation’s possession or under its control; and
  • How such personal data has been used or disclosed within 1 year of the request.

Also, should an individual request that the organisation rectify any error or omission in his or her personal data, your organisation must accede to the request as soon as practicable.

5. Accuracy Obligation

Your organisation should ensure that the personal data collected by the organisation is accurate and complete.

6. Protection Obligation

Your organisation should put in place the required security measures to protect the personal data in its possession or control. This is to prevent any unauthorised access, collection, use and/or disclosure of such data.

Examples of when the protection obligation applies would be when your organisation is processing and sending personal data, or disposing of documents containing personal data.

7. Retention Limitation Obligation

Your organisation should retain the personal data for only as long as is necessary for business or legal purposes.

8. Transfer Limitation Obligation

If your organisation is transferring the personal data overseas, such as storing the data in the cloud, ensure that the country to which the data is being transferred offers a comparable level of data protection as is provided by the PDPA.

9. Openness Obligation

Your organisation should be open to sharing information about its data protection practices, policies and complaints processes upon request.

For example, your organisation’s privacy policy can state that individuals who wish to know more the organisation’s data protection policies can get in touch with its data protection officer, and also provide means of contacting that officer.

Compliance
  1. Annual General Meetings (AGMs) in Singapore: What are They?
  2. Anti-Money Laundering Regulations and Your Business: What You Need to Know
  3. Price-Fixing, Bid-Rigging and Other Anti-Competitive Practices to Avoid
  4. The Business Owner’s Guide to Dividend Payments in Singapore
  5. Company Audits in Singapore: Requirements and Exemptions
  6. How to Transfer Shares in a Singapore Private Company: The Essential Guide
  7. How to Hold an Extraordinary General Meeting (EGM) in Singapore
  8. How to Issue Shares in a Singapore Private Company
  9. How to Reduce the Share Capital of Your Singapore Company
  10. How Businesses Can Legally Conduct Lucky Draws in Singapore
  11. Dormant Companies and Their Filing Obligations in Singapore
  12. How to Hold a Board Meeting in Singapore
  13. Essential Regulatory Compliance Guide for Singapore Companies
  14. Finding a Suitable Corporate Secretarial Firm in Singapore
  15. Oppression of Minority Shareholders
  16. Process Agents in Singapore
Company Documents
  1. Company Constitution in Singapore: What It is and How to Draft One
  2. How to Set Up a Register of Controllers
  3. How to Set Up a Register of Nominee Directors
  4. Memorandum of Understanding (MOU): Does Your Business Need One?
  5. Minutes of Company Meeting in Singapore: How to Record
  6. Company Resolutions: What are They?
  7. Company Memorandum and Articles of Association
  8. Filing Annual Returns For Your Business
Company Management
  1. Shadow Directors: Who are They and What Duties Do They Owe to the Company?
  2. Director's Remuneration: When Can Company Directors be Remunerated For Their Services?
  3. How to Remove a Director from a Company in Singapore
  4. Appointing Company Directors in Singapore: Eligibility, Process etc.
  5. Company Loans to Directors/Shareholders (& Vice Versa) in Singapore
  6. Share Transmission: What Happens If a Shareholder Dies in Singapore?
  7. Business Will: How to Pass on Your Business to Your Successors in Singapore
  8. Shareholder Rights in Singapore Private Companies
  9. Removal and Resignation of Company Auditor in Singapore
  10. What Responsibilities Do Company Shareholders Have in Singapore?
  11. Creating and Registering Charges in Singapore: Guide for Companies
  12. How to Commence a Derivative Action on Behalf of a Company in Singapore
  13. Appointing a Company Secretary: Roles and Responsibilities
  14. Directors' Duties in Singapore
Tax and Accounting
  1. What is Withholding Tax and When to Pay It in Singapore
  2. Singapore Influencers: Here's How to Calculate Your Income Tax
  3. Corporate Tax in Singapore: How to Pay, Tax Rate and Tax Exemptions
  4. When to Register for GST, How and Responsibilities after Registration
Data Protection
  1. Essential PDPA Compliance Guide for Singapore Businesses
  2. Cloud Storage of Personal Data: Your Business’ Data Protection Obligations
  3. How Can Companies Dispose of Documents Containing Personal Data?
  4. Here's a 7-Step Plan for Companies to Prevent Unauthorised Disclosure When Processing and Sending Personal Data
  5. Appointing a Data Protection Officer For Your Business: All You Need to Know
  6. Summary: Your Organisation's 9 Main Obligations under the Personal Data Protection Act
  7. Check the Do-Not-Call Registry Before Marketing to Singapore Phone Numbers
  8. GDPR Compliance in Singapore: Is it Required and How to Comply
  9. Drafting a Comprehensive Privacy Policy For Your Singapore Website
  10. Is It Legal for Businesses to Ask for Your NRIC in Singapore?
  11. PDPA Consent Requirements: How Can Your Business Comply?
  12. Legal Options If Employees Breach Confidentiality in Singapore
Marketing
  1. How Can You Comply with Singapore Law When Sending Email Newsletters?
  2. Outdoor Advertising: How to Legally Display Public Ads in Singapore
  3. A legal guide to drafting a social media policy for your company
  4. Dealing with Defamation of Your Business: Can You Sue?
Franchising
  1. Starting a Franchise in Singapore: What Franchisors Should Look Out For
  2. Running a Franchise in Singapore: What To Look Out for as a Franchisee
Debt Restructuring
  1. Informal Debt Restructuring and Workout in Singapore
  2. What is a Scheme of Arrangement, How it Works and How to Apply for One
  3. Judicial Management: What is It and How Does it Work?
Ending a Business
  1. Insolvency: Claw-back of Assets from Unfair Preference and Undervalue Transactions
  2. Striking Off a Company
  3. What Should a Creditor Do When a Company Becomes Insolvent?
  4. Dissolution of partnerships in Singapore
  5. Validation of Payments Made by Companies Being Wound Up
  6. Can a Company that Struck Itself Off the Register Later Apply to Restore Itself?
  7. Are You Closing Your Singapore Business? Have You Settled All of the Following?
  8. How to File a Proof of Debt against a Company in Liquidation
  9. Winding Up a Company