Singapore’s new Personal Data Protection Law

The Singapore parliament on October 2012 finally passed the personal data protection bill that is designed to safeguard an individual’s personal data against misuse. It encompasses a national Do-Not-Call registry and a new enforcement agency will be tasked to regulate the management of personal data by businesses and impose financial penalties.

Singapore’s newly passed Personal Data Protection Act 2012 (PDPA) is expected to be enacted in early 2013 and be implemented in about mid-2014, giving organizations above 18 months to get ready to comply with the PDPA.

The PDPA applies to all private sector organizations. In general, the collection, use & disclosure of personal data (PD) requires the individual’s consent. The holder of Personal Data will also have responsibilities in relation to the security of the data, access to and correction of the personal data.

For more information, please refer to