Summary: Your Organisation’s 9 Main PDPA Obligations
Your organisation is required to abide by the Personal Data Protection Act (PDPA) when using, collecting or disclosing personal data.
The 9 main personal data obligations under the PDPA are:
- Consent Obligation
- Purpose Limitation Obligation
- Notification Obligation
- Access and Correction Obligation
- Accuracy Obligation
- Protection Obligation
- Retention Limitation Obligation
- Transfer Limitation Obligation
- Openness Obligation
1. Consent Obligation
Your organisation may only collect, use and/or disclose the personal data of individuals who have consented to such collection, use and/or disclosure.
These individuals must also be given the option to withdraw their consent, subject to them giving reasonable notice. Upon the withdrawal of consent, your organisation must cease collecting, using and/or disclosing the personal data of these individuals.
Read more about the PDPA’s Consent Obligation in our other article.
2. Purpose Limitation Obligation
Your organisation may only collect, use and/or disclose personal data of individuals for the purpose(s) for which consent have been given by these individuals.
These individuals should also not be required to consent to the collection, use and/or disclosure of their personal data beyond what is reasonable for the organisation to provide a particular product or service.
3. Notification Obligation
4. Access and Correction Obligation
Your organisation is obliged to provide information to individuals, upon request and as soon as reasonably possible, on:
- What personal data of theirs is in your organisation’s possession or under its control; and
- How such personal data has been used or disclosed within 1 year of the request.
5. Accuracy Obligation
6. Protection Obligation
Your organisation should put in place the required security measures to protect the personal data in its possession or control. This is to prevent any unauthorised access, collection, use and/or disclosure of such data.
7. Retention Limitation Obligation
8. Transfer Limitation Obligation
If your organisation is transferring the personal data overseas, such as storing the data in the cloud, ensure that the country to which the data is being transferred offers a comparable level of data protection as is provided by the PDPA.
9. Openness Obligation
Your organisation should be open to sharing information about its data protection practices, policies and complaints processes upon request.
If you require legal advice on your business’ legal obligations under the PDPA, feel free to get in touch with one of our data protection lawyers.
- What are Annual General Meetings (AGMs) in Singapore?
- Anti-Money Laundering Regulations and Your Business: What You Need to Know
- Price-Fixing, Bid-Rigging and Other Anti-Competitive Practices to Avoid
- Dividend Payments Guide for Singapore Business Owners
- Company Audits in Singapore: Requirements and Exemptions
- Guide to Transferring Shares in a Singapore Private Company
- How to Hold Extraordinary General Meetings (EGMs) in Singapore
- How to Issue Shares in a Singapore Private Company
- How to Reduce the Share Capital of Your Singapore Company
- Legally Conducting Lucky Draws for Singapore Businesses
- Dormant Companies and Their Filing Obligations in Singapore
- How to Hold a Board Meeting in Singapore
- Can Directors be Liable for Company Debts in Singapore?
- Paid-Up Capital in Singapore: A Complete Guide (Is $1 Enough?)
- Restaurant Inspection and Food Safety Rules in Singapore
- Preparing a Register of Shareholders for a Singapore Company
- Essential Regulatory Compliance Guide for Singapore Companies
- Finding a Suitable Corporate Secretarial Firm in Singapore
- Oppression of Minority Shareholders
- Process Agents in Singapore
- Shadow Directors: Who are They and What Duties Do They Owe to the Company?
- Guide to Directors' Remuneration in Singapore
- 3 Types of Insurance Every Singapore Business Needs
- How to Change the Name of Your Singapore Company
- How to Remove a Director from a Company in Singapore
- Appointing Company Directors in Singapore: Eligibility, Process etc.
- Company Loans to Directors/Shareholders (& Vice Versa) in Singapore
- Share Transmission: What Happens If a Shareholder Dies in Singapore?
- Business Will: How to Pass on Your Business to Your Successors in Singapore
- Shareholder Rights in Singapore Private Companies
- Removal and Resignation of Company Auditor in Singapore
- Shareholder Roles and Obligations in Singapore Companies
- Creating and Registering Charges in Singapore: Guide for Companies
- How to Commence a Derivative Action on Behalf of a Company in Singapore
- Managing Director vs CEO in Singapore: Roles and Obligations
- Appointing an Authorised Representative for Foreign Companies in Singapore
- Business Partnership Disputes in Singapore: How to Resolve
- Guide to Effective Business Continuity Planning in Singapore
- Buy-Sell Agreements: How to Write & Fund Them in Singapore
- Voluntary Suspension of Business in Singapore: How to Handle
- Appointing a Company Secretary: Roles and Responsibilities
- Directors' Duties in Singapore
- Company Constitutions in Singapore and How to Draft One
- Company Memorandum and Articles of Association
- Minutes of Company Meeting in Singapore: How to Record
- Guide to Filing Financial Statements for Singapore Business Owners
- Filing Annual Returns For Your Business
- Memorandum of Understanding (MOU): Does Your Business Need One?
- Company Resolutions: What are They?
- Board Resolutions in Singapore
- Your Guide to Share Certificates in Singapore: Usage and How to Prepare
- How to Set Up a Register of Controllers
- How to Set Up a Register of Nominee Directors
- What is Withholding Tax and When to Pay It in Singapore
- Singapore Influencers: Here's How to Calculate Your Income Tax
- Corporate Tax in Singapore: How to Pay, Tax Rate, Exemptions
- When to Register for GST, How and Responsibilities after Registration
- Start-Up Tax Exemption Guide for New Singapore Companies
- Tax Investigation of Tax-Evading Business Owners in Singapore
- Small Business Accounting Services in Singapore
- Essential PDPA Compliance Guide for Singapore Businesses
- Cloud Storage of Personal Data: Your Business’ Data Protection Obligations
- How Can Companies Dispose of Documents Containing Personal Data?
- Here's a 7-Step Plan for Companies to Prevent Unauthorised Disclosure When Processing and Sending Personal Data
- Appointing a Data Protection Officer For Your Business: All You Need to Know
- Summary: Your Organisation's 9 Main PDPA Obligations
- Check the Do-Not-Call Registry Before Marketing to Singapore Phone Numbers
- GDPR Compliance in Singapore: Is it Required and How to Comply
- Is It Legal for Businesses to Ask for Your NRIC in Singapore?
- PDPA Consent Requirements: How Can Your Business Comply?
- Legal Options If Employees Breach Confidentiality in Singapore
- Your Guide to a Media Release Form in Singapore
- Insolvency: Claw-back of Assets from Unfair Preference and Undervalued Transactions
- Striking Off a Company
- What Should a Creditor Do When a Company Becomes Insolvent?
- Dissolution of partnerships in Singapore
- Validation of Payments Made by Companies Being Wound Up
- Can a Company that Struck Itself Off the Register Later Apply to Restore Itself?
- Closing Your Singapore Business: What You Need to Settle
- How to File a Proof of Debt against a Company in Liquidation
- Winding Up a Company