The Personal Data Protection Commission (PDPC) was officially established on 2 January 2013. The commission serves as Singapore’s authority in all matters related to personal data protection.
There are heavy penalties for breach of Personal Data Protection Act (PDPA). Fines can be up to SGD$1 million and companies may suffer loss in reputation.
The definition of Personal Data is any information relating to a person that enables him/her to be identified, whether directly or indirectly.
PDPA was implemented as a Singapore law to prevent the misuse of personal data.
It covers any personal data which are stored both in electronic and non-electronic formats.
Some examples of Personal Data includes:
The following are the obligations of any organisations under the Personal Data Protection Act (PDPA):
Informing individuals the purposes of collecting & using their personal data. Using them for purposes that they have given consent to and allow withdrawal with reasonable notice.
Ensure that personal data collected is accurate and complete and make reasonable security measures to ensure the personal data are not disclosed while in your possession.
Do not keep personal data once it is no longer required and to dispose of them the correct way.
Provide individuals with access and information on how Personal Data was used upon request.
In any cases of data breach which might result in significant harm to individuals, to notify PDPC as well as affected individual.
PDPA compliance is mandated for organisations operating in Singapore with respect to using, collecting, and disclosing of personal data.
Employees of any organisations must also adhere to their organisation’s policies to ensure compliance with PDPA.
Companies in Singapore like Arkiva will be able to help with securely destroying paper documents or electronics like hard disks and flash drives that contain personal data.
By physically destroying the confidential personal data, companies can have a peace of mind that the personal data has been fully erased and safe from data leak.
A certificate of destruction issued upon completion of service also acts as a “black & white” proof that data has been destroyed for future audit purposes.