Summary: Your Organisation’s 10 Main PDPA Obligations

Last updated on March 26, 2021

A businessman touching a padlock icon.

Your organisation is required to abide by the Personal Data Protection Act (PDPA) when using, collecting or disclosing personal data.

The 10 main personal data obligations under the PDPA are:

  1. Consent Obligation
  2. Purpose Limitation Obligation
  3. Notification Obligation
  4. Access and Correction Obligation
  5. Accuracy Obligation
  6. Protection Obligation
  7. Retention Limitation Obligation
  8. Transfer Limitation Obligation
  9. Data Breach Notification Obligation
  10. Accountability Obligation

Here is a summary of each of them.

Your organisation may collect, use and/or disclose only the personal data of individuals who have consented to such collection, use and/or disclosure.

These individuals must also be given the option to withdraw their consent, subject to them giving reasonable notice. Upon the withdrawal of consent, your organisation must cease collecting, using and/or disclosing the personal data of these individuals.

Read more about the PDPA’s Consent Obligation in our other article.

2. Purpose Limitation Obligation

Your organisation may collect, use and/or disclose only the personal data of individuals for the purpose(s) for which consent have been given by these individuals.

These individuals should also not be required to consent to the collection, use and/or disclosure of their personal data beyond what is reasonable for the organisation to provide a particular product or service.

3. Notification Obligation

Your organisation should inform individuals of the purpose(s) for which their personal data is being collected, used and/or disclosed.

4. Access and Correction Obligation

Your organisation is obliged to provide information to individuals, upon request and as soon as reasonably possible, on:

  • What personal data of theirs is in your organisation’s possession or under its control; and
  • How such personal data has been used or disclosed within 1 year of the request.

Also, should an individual request that the organisation rectify any error or omission in his or her personal data, your organisation must accede to the request as soon as practicable.

5. Accuracy Obligation

Your organisation should ensure that the personal data collected by the organisation is accurate and complete.

6. Protection Obligation

Your organisation should put in place the required security measures to protect the personal data in its possession or control, including the storage media or devices on which such data is stored. This is to prevent any unauthorised access, collection, use and/or disclosure of such data.

Examples of when the protection obligation applies would be when your organisation is processing and sending personal data, or disposing of documents containing personal data.

7. Retention Limitation Obligation

Your organisation should retain the personal data for only as long as is necessary for business or legal purposes.

8. Transfer Limitation Obligation

If your organisation is transferring the personal data overseas, such as storing the data in the cloud, ensure that the country to which the data is being transferred offers a comparable level of data protection as is provided by the PDPA.

9. Data Breach Notification Obligation

If your organisation has suffered a data breach that has caused (or is likely to cause) significant harm to affected individuals, or that has affected at least 500 individuals, then it generally must inform the Personal Data Protection Commission (PDPC) and affected individuals of the breach.

10. Accountability Obligation

Your organisation should be open to sharing information about its data protection practices, policies and complaints processes upon request.

For example, your organisation’s privacy policy can state that individuals who wish to know more the organisation’s data protection policies can get in touch with its data protection officer, and also provide means of contacting that officer.

If you require legal advice on your business’ legal obligations under the PDPA, feel free to get in touch with one of our data protection lawyers.

Appointment and Removal of Company Officers and Other Key Personnel
  1. Appointing Company Directors in Singapore: Eligibility, Process etc.
  2. Managing Director vs CEO in Singapore: Roles and Obligations
  3. Guide to Directors' Remuneration in Singapore
  4. Directors' Duties in Singapore
  5. Shadow Directors: Who are They and What Duties Do They Owe to the Company?
  6. How to Remove a Director from a Company in Singapore
  7. Removal and Resignation of Company Auditor in Singapore
  8. Appointing a Company Secretary: Roles and Responsibilities
  9. Appointing an Authorised Representative for Foreign Companies in Singapore
  10. Process Agents in Singapore
Holding Meetings
  1. What are Annual General Meetings (AGMs) in Singapore?
  2. How to Hold Extraordinary General Meetings (EGMs) in Singapore
  3. How to Hold a Board Meeting in Singapore
Shareholder Matters
  1. 2 Ways to Remove a Singapore Company Shareholder ASAP
  2. Guide to Paid-Up Capital in Singapore (Is $1 Enough?)
  3. Preparing a Register of Shareholders for a Singapore Company
  4. How to Issue Shares in a Singapore Private Company
  5. Guide to Transferring Shares in a Singapore Private Company
  6. Your Guide to Share Certificates in Singapore: Usage and How to Prepare
  7. Shareholder Rights in Singapore Private Companies
  8. Shareholder Roles and Obligations in Singapore Companies
  9. Dividend Payments Guide for Singapore Business Owners
  10. Share Transmission: What Happens If a Shareholder Dies in Singapore?
  11. How to Reduce the Share Capital of Your Singapore Company
  12. Buy-Sell Agreements: How to Write & Fund Them in Singapore
  13. Oppression of Minority Shareholders
Compliance
  1. Essential Regulatory Compliance Guide for Singapore Companies
  2. Dormant Companies and Their Filing Obligations in Singapore
  3. Anti-Money Laundering Regulations and Your Business: What You Need to Know
  4. Price-Fixing, Bid-Rigging and Other Anti-Competitive Practices to Avoid
  5. Legally Conducting Lucky Draws for Singapore Businesses
  6. Restaurant Inspection and Food Safety Rules in Singapore
Company Management
  1. Does Your Company Need a Legal Team (In-House Counsel)?
  2. Acqui-Hiring of Singapore Companies: How Does It Work?
  3. How to Change the Name of Your Singapore Company
  4. Can Directors be Liable for Company Debts in Singapore?
  5. Company Loans to Directors/Shareholders in Singapore
  6. 3 Types of Insurance Every Singapore Business Needs
  7. Creating and Registering Charges in Singapore: Guide for Companies
  8. Guide to Effective Business Continuity Planning in Singapore
  9. Business Asset Sale & Disposal in Singapore: How Do They Work?
  10. Business Partnership Disputes in Singapore: How to Resolve
  11. How to Commence a Derivative Action on Behalf of a Company in Singapore
  12. Business Will: How to Pass on Your Business to Your Successors in Singapore
Company Documents
  1. Record-Keeping Requirements for Singapore Companies
  2. Company Constitutions in Singapore and How to Draft One
  3. Company Memorandum and Articles of Association
  4. Company Resolutions: What are They?
  5. Board Resolutions in Singapore
  6. Minutes of Company Meeting in Singapore: How to Record
  7. How to Set Up a Register of Controllers
  8. How to Set Up a Register of Nominee Directors
  9. Guide to Filing Financial Statements for Singapore Business Owners
  10. Filing Annual Returns For Your Business
Tax, Accounting and Audit Matters
  1. Singapore Corporate Tax: How to Pay, Tax Rate, Exemptions
  2. Start-Up Tax Exemption Guide for New Singapore Companies
  3. GST Registration: Requirements and Procedure in Singapore
  4. What is Withholding Tax and When to Pay It in Singapore
  5. Singapore Influencers: Here's How to Calculate Your Income Tax
  6. Tax Investigation of Tax-Evading Business Owners in Singapore
  7. Small Business Accounting Services in Singapore
  8. Company Audits in Singapore: Requirements and Exemptions
Data Protection
  1. Suspect a PDPA Data Breach? Here's What to Do Next
  2. Must You Notify PDPC About a Data Breach in Your Business?
  3. Summary: Your Organisation's 10 Main PDPA Obligations
  4. Essential PDPA Compliance Guide for Singapore Businesses
  5. PDPA Consent Requirements: How Can Your Business Comply?
  6. Is It Legal for Businesses to Ask for Your NRIC in Singapore?
  7. Here's a 7-Step Plan for Companies to Prevent Unauthorised Disclosure When Processing and Sending Personal Data
  8. Cloud Storage of Personal Data: Your Business’ Data Protection Obligations
  9. Drafting a Comprehensive Privacy Policy For Your Singapore Website
  10. GDPR Compliance in Singapore: Is it Required and How to Comply
  11. Appointing a Data Protection Officer For Your Business: All You Need to Know
  12. How Can Companies Dispose of Documents Containing Personal Data?
  13. Check the Do-Not-Call Registry Before Marketing to Singapore Phone Numbers
  14. How to Legally Install CCTVs for Home/Business Use in Singapore
  15. Is Web Scraping or Crawling Legal in Singapore?
  16. Legal Options If Employees Breach Confidentiality in Singapore
Marketing
  1. Your Guide to E-commerce Website Terms of Service in Singapore
  2. Dealing with Defamation of Your Business: Can You Sue?
  3. Sending Email Newsletters That Comply With Singapore Law
  4. A legal guide to drafting a social media policy for your company
  5. Your Guide to a Media Release Form in Singapore
  6. Your Guide to an Influencer Marketing Agreement in Singapore
  7. Outdoor Advertising: How to Legally Display Public Ads in Singapore
Franchising
  1. Starting a Franchise in Singapore: What Franchisors Should Look Out For
  2. Running a Franchise in Singapore: What To Look Out for as a Franchisee
Debt Restructuring
  1. What is Judicial Management and How It Works in Singapore
  2. Schemes of Arrangement: How They Work and How to Apply
  3. Informal Debt Restructuring and Workout in Singapore
Ending a Business
  1. Claw-Back of Assets From Unfair Preference and Undervalued Transactions
  2. Should You Save or Close Your Zombie Company in Singapore?
  3. Voluntary Suspension of Business in Singapore: How to Handle
  4. Winding Up a Singapore Company: Grounds and Procedure
  5. Closing Your Singapore Business: What You Need to Settle
  6. Striking Off a Company
  7. Can a Company that Struck Itself Off the Register Later Apply to Restore Itself?
  8. Dissolution of partnerships in Singapore
  9. What Should a Creditor Do When a Company Becomes Insolvent?
  10. How to File a Proof of Debt Against a Company in Liquidation
  11. Validation of Payments Made by Companies Being Wound Up